[RFC][PATCH] (#6 U1) the latest incarnation

Timothy R. Chavez tinytim at us.ibm.com
Fri Mar 25 17:07:50 UTC 2005


On Friday 25 March 2005 07:04 am, Stephen Smalley wrote:
> Alternatively, you could just view "rename", "link", and "unlink" as
> another form of write, so you could pass MAY_WRITE here.

I think we should keep it simple for the time being and go with this.

>
> With regard to additional hook placement for audit_notify_watch, I think
> you likely do want to mirror the security*_post* hooks for file creation
> (create, mkdir, mknod, symlink), rename, and link with
> audit_notify_watch calls to perform notifications of such events.

I'm not entirely sure we should hook mknod or symlink. We're not making any
claims about the watchability of a device or symlink with this code. Do you
agree?

-tim



