On 7/8/05, Chris Wright <[EMAIL PROTECTED]> wrote:
> * Timothy R. Chavez ([EMAIL PROTECTED]) wrote:
> > @@ -69,6 +70,8 @@ int inode_setattr(struct inode * inode,
> > unsigned int ia_valid = attr->ia_valid;
> > int error = 0;
> >
> >
On Friday 08 July 2005 12:46, Greg KH wrote:
> On Thu, Jul 07, 2005 at 02:49:15PM -0500, Timothy R. Chavez wrote:
> >
> > Even if access control prohibits us from actually seeing the content of
> > /etc/shadow, if we're auditing /etc/shadow, attempts should be logged
>
On Friday 08 July 2005 12:46, Greg KH wrote:
On Thu, Jul 07, 2005 at 02:49:15PM -0500, Timothy R. Chavez wrote:
Even if access control prohibits us from actually seeing the content of
/etc/shadow, if we're auditing /etc/shadow, attempts should be logged
and not gone unnoticed
On 7/8/05, Chris Wright [EMAIL PROTECTED] wrote:
* Timothy R. Chavez ([EMAIL PROTECTED]) wrote:
@@ -69,6 +70,8 @@ int inode_setattr(struct inode * inode,
unsigned int ia_valid = attr-ia_valid;
int error = 0;
+ audit_notify_watch(inode, MAY_WRITE);
+
Hmm, this looks
On Thursday 07 July 2005 16:31, Arjan van de Ven wrote:
> On Thu, 2005-07-07 at 15:48 -0400, Steve Grubb wrote:
>
> > Tim's code lets you say I want change notification to this file only. The
> > notification follows the audit format with all relavant pieces of
> > information
> > gathered at
On Thursday 07 July 2005 13:10, Greg KH wrote:
> On Thu, Jul 07, 2005 at 11:26:51AM -0500, Timothy R. Chavez wrote:
> > On Wednesday 06 July 2005 18:50, Greg KH wrote:
> > > On Wed, Jul 06, 2005 at 03:23:10PM -0500, Timothy R. Chavez wrote:
> > > > This is simila
On Wednesday 06 July 2005 18:50, Greg KH wrote:
> On Wed, Jul 06, 2005 at 03:23:10PM -0500, Timothy R. Chavez wrote:
> > This is similar to Inotify in that the audit subsystem watches for file
> > system activity and collects information about inodes its interested
> >
On Wednesday 06 July 2005 18:50, Greg KH wrote:
On Wed, Jul 06, 2005 at 03:23:10PM -0500, Timothy R. Chavez wrote:
This is similar to Inotify in that the audit subsystem watches for file
system activity and collects information about inodes its interested
in, but this is where
On Thursday 07 July 2005 13:10, Greg KH wrote:
On Thu, Jul 07, 2005 at 11:26:51AM -0500, Timothy R. Chavez wrote:
On Wednesday 06 July 2005 18:50, Greg KH wrote:
On Wed, Jul 06, 2005 at 03:23:10PM -0500, Timothy R. Chavez wrote:
This is similar to Inotify in that the audit subsystem
On Thursday 07 July 2005 16:31, Arjan van de Ven wrote:
On Thu, 2005-07-07 at 15:48 -0400, Steve Grubb wrote:
Tim's code lets you say I want change notification to this file only. The
notification follows the audit format with all relavant pieces of
information
gathered at the time
re; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it wil
ile system by the administrator,
the audit subsystem takes over its maintenance until its removal.
We've submitted for inclusion to the -mm tree.
Thank you.
-tim
Signed-off-by: Timothy R. Chavez <[EMAIL PROTECTED]>
---
fs/attr.c |3
fs/dcache.c
-by: Timothy R. Chavez [EMAIL PROTECTED]
---
fs/attr.c |3
fs/dcache.c |9
fs/inode.c |7
fs/namei.c | 13
fs/open.c |6
include/linux/audit.h | 74 +++
include/linux/fs.h |3
auditability even under memory pressures.
The user interface provided in kernel/audit.c is extended to allow the
administrator to add watches, remove watches, and list watches.
We've submitted for inclusion to the -mm tree.
Thank you.
-tim
Signed-off-by: Timothy R. Chavez [EMAIL PROTECTED
dates
dnotify out of obligation) and openly implements the "generic" hooks
it requires.
Regardless, if this is the way it's going to be done. We'll expand
fs_notify.h to meet our needs as well.
Also, FYI:
I just purchased the 2nd edition of your book, looking forward to reading
.
Regardless, if this is the way it's going to be done. We'll expand
fs_notify.h to meet our needs as well.
Also, FYI:
I just purchased the 2nd edition of your book, looking forward to reading it.
snip
--
- Timothy R. Chavez
-
To unsubscribe from this list: send the line unsubscribe linux-kernel
urpose OR there any
> other (better) methods of communication??
Perhaps netlink? Here's an introduction: http://qos.ittc.ku.edu/netlink/html/
>
> Regards,
> Ravindra N.
--
- Timothy R. Chavez
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" i
) methods of communication??
Perhaps netlink? Here's an introduction: http://qos.ittc.ku.edu/netlink/html/
Regards,
Ravindra N.
--
- Timothy R. Chavez
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info
18 matches
Mail list logo
