[RFC][PATCH 0/2] (#6 U2) filesystem auditing

Stephen Smalley sds at tycho.nsa.gov
Wed Mar 30 17:42:30 UTC 2005


On Wed, 2005-03-30 at 11:23 -0600, Timothy R. Chavez wrote:
> On Tuesday 29 March 2005 10:16 am, Stephen Smalley wrote:
> > You likely need to explain why may_create is not adequate (i.e. no inode
> > yet).  Although this almost makes me wonder whether i_audit should be
> > d_audit, i.e. a field of the dentry, as your entire scheme is based on
> > (parent directory, component name) pairs anyway.
> 
> For reasons we discussed on the phone it's probably best to keep the
> information stored at the inode level.

Possibly, but be prepared for the question on linux-fsdevel.  When the
SELinux kernel patch was first presented to the kernel developers at the
March 2001 Kernel Summit, they definitely questioned the association of
security data with the inode vs. the dentry.  In the case of MAC, we can
clearly justify that design choice, as we want to label and control
access to the real object, not the name by which it is accessed, but in
the case of a name-based auditing scheme like yours, the justification
seems weaker.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency