[RFC][PATCH 1/3] CAPP-compliant file system auditing
Stephen Smalley
sds at tycho.nsa.gov
Thu Mar 31 19:08:15 UTC 2005
On Thu, 2005-03-31 at 12:17 -0600, Timothy R. Chavez wrote:
> I suspect there will be questions framed around specific parts of this design
> and I will address them as they come. However, please keep in mind that we
> are not auditing based on content, but "name".

Or possibly location.

> This is _not_ a general purpose file system auditing solution.

Ah, bad statement to make when seeking acceptance into a general purpose
operating system. Better to say that this is intended to complement the
existing support for auditing based on (device,inode) pair to fill a
specific gap, namely preservation of audit on particular locations
across transactions?

> This patch was diffed against linux-2.6.11.5 and introduces the new
> functionality to the kernel's audit subsystem.

Diffs against 2.6.11.5 might be fine for an RFC, but for real
submission, you need to be more bleeding edge, e.g. 2.6.12-rc1-mm4 or
whatever the latest one is. Especially as there are already audit-related
patches there.

--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency