[RFC][PATCH] (#7U4) file system auditing by location and name
Timothy R. Chavez
tinytim at us.ibm.com
Mon May 9 14:51:09 UTC 2005
On Mon, 2005-05-09 at 10:24 -0400, Stephen Smalley wrote:
> On Fri, 2005-05-06 at 16:16 -0500, Timothy R. Chavez wrote:
> > +/*
> > + * The update hook is responsible for watching and unwatching d_inodes during
> > + * their lifetimes in dcache. Each d_inode being watched is pinned in memory.
> > + * As soon as a d_inode becomes unwatched (when !d_inode->i_audit->wentry), it
> > + * is unpinned.
>
> Wouldn't it be simpler to hold a reference to the dentry upon
> audit_insert_watch(), saving the dentry in the audit_wentry, and then
> release it upon audit_wentry_free()? This would keep it pinned from the
> time of insertion until the wentry is freed.
>
Hi Stephen,
I like the suggestion, but I don't think it'll necessarily be simpler.
Here's why:
When I grab a reference to a dentry and store it with the wentry and
then I unlink (via rm) the dentry, because the refcount > 0, it'll be
kept in memory until I release the reference, right?
The upshot is that this will require a conditional and a possible swap
only on insertions.
-tim
More information about the Linux-audit
mailing list