[RFC][PATCH] (#6) filesystem auditing
Stephen Smalley
sds at tycho.nsa.gov
Tue Mar 15 12:44:09 UTC 2005
On Mon, 2005-03-14 at 17:14 -0600, Timothy R. Chavez wrote:
> The hooks appear in:
> fs/inode.c: destroy_inode(), alloc_inode()
> fs/dcache.c: d_move(), d_delete(), __d_lookup()
> fs/namei.c: permission(), exec_permission_lite(), may_delete()
>
> I think I've corrected the d_move() leakage by placing two hooks to
> audit_watch() in d_move() that works on the source dentry and the target
> dentry.
What happened to your d_instantiate/d_splice_alias hooks?
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list