Question about setting watches in auto-mounted directories in RHEL 5.2

Steve Grubb sgrubb at redhat.com
Sun Nov 30 15:47:07 UTC 2008


On Sunday 30 November 2008 10:11:10 Alexander Viro wrote:
> > > Unfortunately, auto-mounts are, well, automatic, so there's no one to
> > > issue that command.
>
> You do realize that they are, in the end, done from userland?  Which is
> the natural place to do that...

The problem is that's a little racy. But more importantly, it would be nice to 
load rules once since there is a chance that high security installations will 
have the audit system in immutable mode.

For rules that do not resolve all the way to an inode, they could be put on a 
wait list that gets checked for resolution anytime mount is called.

-Steve
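
The wait-list idea in the message above, as an added userspace sketch that is not part of the original post and not code from the Linux audit project: rules are loaded once, the rule set is locked, and unresolved paths are retried on each mount. `WatchTable`, `on_mount` and `demo` are hypothetical names, and creating a directory stands in for the automount.

```python
import os
import tempfile


class WatchTable:
    """Toy model: watch rules keyed by path, bound to (dev, inode) once resolvable."""

    def __init__(self):
        self.active = {}       # path -> (st_dev, st_ino)
        self.pending = []      # wait list: paths that did not resolve at load time
        self.immutable = False

    def add_rule(self, path):
        if self.immutable:
            raise PermissionError("rule set is locked")
        if not self._resolve(path):
            self.pending.append(path)  # keep the rule instead of rejecting it

    def lock(self):
        self.immutable = True  # models loading rules once, then locking

    def _resolve(self, path):
        try:
            st = os.stat(path)
        except OSError:
            return False
        self.active[path] = (st.st_dev, st.st_ino)
        return True

    def on_mount(self):
        """Retry the wait list after a mount; adds no rule, so it works when locked."""
        self.pending = [p for p in self.pending if not self._resolve(p)]


def demo():
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "net", "host", "secret")  # constructed path
        table = WatchTable()
        table.add_rule(root)     # resolves immediately
        table.add_rule(target)   # not mounted yet, goes on the wait list
        table.lock()
        before = (len(table.active), len(table.pending))
        os.makedirs(target)      # stand-in for the automounter mounting the path
        table.on_mount()
        after = (len(table.active), len(table.pending))
        try:
            table.add_rule(os.path.join(root, "late"))
            locked = False
        except PermissionError:
            locked = True
        return before, after, locked
```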




More information about the Linux-audit mailing list