[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-audit
Subject: Re: VFS hooks analysis (pass 1)
From: Amy Griffis <amy.griffis () hp ! com>
Date: 2005-08-30 20:36:25
Message-ID: 20050830203625.GA28301 () zk3 ! dec ! com
[Download RAW message or body]
On Mon, Aug 29, 2005 at 05:12:01PM -0500, Timothy R. Chavez wrote:
> On Friday 26 August 2005 17:13, Amy Griffis wrote:
<snip>
> > The upstream audit code uses getname() and path_lookup() hooks to
> > collect object identity information during syscall processing. This
> > is sufficient for the following syscalls:
> >
> > sys_access
> > sys_chdir
> > sys_chmod
> > sys_chown
> > sys_execve
> > sys_lchown
> > sys_link
> > sys_lremovexattr
> > sys_lsetxattr
> > sys_removexattr
> > sys_setxattr
> > sys_swapon
> > sys_truncate
> > sys_utime(s)
> >
>
> Here's my thinking. It'd be nice to have a complete set of Inotify hooks
> that map to specific Inotify events (IN_*). Thus, even though the above
> syscalls may be sufficiently covered by the hook placements in the
> getname() and path_lookup() functions, I think we should split them out
> into seperate Inotify hooks.
Thanks for the input, Tim. I'll look into this.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic