Re: [PATCH] audit: file system auditing based on location and name

[Steve Grubb]

On Thursday 07 July 2005 14:15, Greg KH wrote:
> I fail to see any refactoring here, why not make your patch rely on
> theirs?

At the time this code was developed, inotify was not in the kernel. We would 
be patching against another patch that's not in the kernel.

> > The whole rest of it is different. I hope the inotify people comment
> > on this to see if there is indeed something that should be refactored.
>
> I realize your userspace access is different, yet I do not believe yet
> that it should be this way.

The problems that we are faced with are dictated by CAPP and other security 
profiles. The audit user space access has been in the kernel for over a year, 
so that's not really a good thing to go changing.

> No documentation on the auditfs interface :(

That's what Tim's email was providing. Its a new component.

> > The audit package is currently distributed in Fedora Core 4. The code to
> > use Tim's fs audit code is in the user space app, but is waiting for the
> > kernel pieces.
>
> So the userspace package in FC4 will not use auditfs?

Right. You get a few warnings due to missing functionality. If the kernel were 
patched with Tim's code, it all works as expected. We have worked out the 
user space access and that shouldn't be changing.

-Steve
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/