[RFC][PATCH] (#5, Update #2) filesystem auditing support
Stephen Smalley
sds at tycho.nsa.gov
Tue Mar 8 20:24:59 UTC 2005
On Mon, 2005-03-07 at 13:59 -0600, Timothy R. Chavez wrote:
> I'm going to spend a couple days testing this and writing the abstract
> and then I want to put it on linux-fsdevel. I'd really appreciate
> some scrutiny and feedback on this patch during that time. The goal
> is to finally move on this and make it more visible this week. There
> is still one remaining feature that was requested that needs to be
> implemented and I'll get to it eventually... before March is over (the
> end of my development schedule).
Why not put your audit_notify_watch() call inside of may_delete(), after
the test to make sure that victim->d_inode is not NULL? That lets you
also catch the rename cases.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list