Audit Filesystem

Steve Grubb sgrubb at redhat.com
Mon Mar 7 01:17:37 UTC 2005


On Sunday 06 March 2005 13:30, Timothy R. Chavez wrote:
> I put it as a separate option because I saw that Rik Faith had
> separated the generic auditing framework and the syscall auditing
> portion into two separate config options.

Then maybe we should have each configured option add something to the status 
request so that userspace can figure out what the kernel supports. This is 
similar to xinetd when it starts up saying what options were configured when 
it was compiled. But frankly, I see this as all or nothing. You either audit 
or don't. I really can't see any distribution doing it halfway. Maybe 
individuals for some special reason, but a distribution should turn it all 
on.

I also ran into another problem when applying all these patches. A couple 
structures have been introduced to audit.h as we have been progressing. 
audit.h does not have any includes to pull in the structure definitions. For 
example, "struct inode", "struct list_head", "rwlock_t", and "atomic_t". 
These are causing compile failures in other places when audit.h gets 
included. I think fs.c was the place most things died in.

If we add data types to audit.h, we also need to add the right includes so 
other places don't break. (I've been applying patches to a 2.6.11-based 
kernel.)

Thanks,
-Steve Grubb



