[PATCH 11/15] fixing audit rule ordering mess, part 1
Eric Paris
eparis at redhat.com
Wed Dec 17 21:10:44 UTC 2008
On Wed, 2008-12-17 at 20:59 +0000, Al Viro wrote:
> On Wed, Dec 17, 2008 at 01:28:08PM -0500, Eric Paris wrote:
>
> > I don't see why prio is only important on AUDIT_FILTER_EXIT. Couldn't I
> > end up with stupidity with entry,never ?
>
>
> AUDIT_WATCH and AUDIT_INODE can live only on exit chain. I.e. we don't have
> that problem - other chains sit on the lists of their own and there the
> list ordering itself takes care of everything. Exit chain has parts in
> sitting in hash instead of the primary list.
Makes perfect sense. They all look good to me.
-Eric
More information about the Linux-audit
mailing list