Re: [Patch][RFC] fcntl: add ability to stop monitored processes

[Matthew Wilcox]

On Mon, Jun 13, 2005 at 04:10:23PM +0100, Alan Cox wrote:
> On Llu, 2005-06-13 at 14:50, Neil Horman wrote:
> > You mean add the ability to monitor directories for changes to the ptrace
> > interface entirely?
> 
> If you are using it for debugging and tracking file accesses then ptrace
> seems to be the right interface. 

It all depends what you're trying to track.  If you want to ask what
"this task" is accessing, then yes, ptrace.  But if you want to know
who's chmod'ing /dev/null to 600 you really want a file- or directory-
based scheme.  Rather than extending F_NOTIFY, it might be better to
look at selinux policies?

-- 
"Next the statesmen will invent cheap lies, putting the blame upon 
the nation that is attacked, and every man will be glad of those
conscience-soothing falsities, and will diligently study them, and refuse
to examine any refutations of them; and thus he will by and by convince 
himself that the war is just, and will thank God for the better sleep 
he enjoys after this process of grotesque self-deception." -- Mark Twain
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/