[RFC][PATCH 0/2] (#6 U2) filesystem auditing
Chris Wright
chrisw at osdl.org
Tue Mar 29 17:15:17 UTC 2005
* Stephen Smalley (sds at tycho.nsa.gov) wrote:
> On Mon, 2005-03-28 at 19:54 -0600, Timothy R. Chavez wrote:
> > :: TERMINOLOGY ::
> >
> > watch : data that describes a file or directory that should be audited
> > watchlist : a linked list of watchlist entries residing on a directory
> > watchlist entry (wentry): an entry to a watchlist that contains a watch
>
> Suggestion: You need to start with a description of your
> goal/requirements, and work in your terminology definition as part of it
> or immediately after it.
Totally agreed. This has been one of the biggest complaints re: inotify.
thanks,
-chris
More information about the Linux-audit
mailing list