[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-audit
Subject:    Re: VFS hooks analysis (pass 1)
From:       Amy Griffis <amy.griffis () hp ! com>
Date:       2005-08-30 20:36:25
Message-ID: 20050830203625.GA28301 () zk3 ! dec ! com
[Download RAW message or body]

On Mon, Aug 29, 2005 at 05:12:01PM -0500, Timothy R. Chavez wrote:
> On Friday 26 August 2005 17:13, Amy Griffis wrote:
<snip>
> > The upstream audit code uses getname() and path_lookup() hooks to
> > collect object identity information during syscall processing.  This
> > is sufficient for the following syscalls:
> > 
> >     sys_access
> >     sys_chdir
> >     sys_chmod
> >     sys_chown
> >     sys_execve
> >     sys_lchown
> >     sys_link
> >     sys_lremovexattr
> >     sys_lsetxattr
> >     sys_removexattr
> >     sys_setxattr
> >     sys_swapon
> >     sys_truncate
> >     sys_utime(s)
> > 
> 
> Here's my thinking.  It'd be nice to have a complete set of Inotify hooks
> that map to specific Inotify events (IN_*).  Thus, even though the above
> syscalls may be sufficiently covered by the hook placements in the 
> getname() and path_lookup() functions, I think we should split them out
> into seperate Inotify hooks.  

Thanks for the input, Tim.  I'll look into this.

[prev in list] [next in list] [prev in thread] [next in thread]