[PATCH] auditfs updates to .46
Timothy R. Chavez
tinytim at us.ibm.com
Wed May 25 15:31:47 UTC 2005
On Wednesday 25 May 2005 09:11, David Woodhouse wrote:
> On Wed, 2005-05-25 at 14:46 +0100, David Woodhouse wrote:
> > Why is audit_notify_watch() in auditfs.c? Can it ever do anything
> > useful if !CONFIG_AUDITFILESYSTEM?
>
> Hm, because it needs visibility to the audit_context. Could possibly be
> split into two functions though, along the following lines...
>
> As an added bonus, this should prevent it oopsing if a task doesn't have
> an audit context but touches a watched inode.
>
> Are we really supposed to be using GFP_KERNEL in audit_notify_watch()
> (now in audit_attach_wdata()) ? We're never checking the return value
> from audit_notify_watch() either.
>
I'll play with this. I thought that GFP_KERNEL was okay here. I think I'm
only ever under a semaphore if I'm under a lock at this point.
I like your little macro.
-tim
More information about the Linux-audit
mailing list