From mboxrd@z Thu Jan 1 00:00:00 1970 From: Klaus Weidner Subject: Re: Auditing File Changes Date: Mon, 10 Jul 2006 16:15:18 -0500 Message-ID: <20060710211517.GC6780@w-m-p.com> References: <20060710194646.GA6780@w-m-p.com> <20060710202405.18458.qmail@web36606.mail.mud.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31]) by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k6ALFdLc001935 for ; Mon, 10 Jul 2006 17:15:39 -0400 Received: from mail.atsec.com (mail.atsec.com [195.30.252.105]) by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k6ALFcms030363 for ; Mon, 10 Jul 2006 17:15:38 -0400 Content-Disposition: inline In-Reply-To: <20060710202405.18458.qmail@web36606.mail.mud.yahoo.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Casey Schaufler Cc: Linux-audit@redhat.com List-Id: linux-audit@redhat.com On Mon, Jul 10, 2006 at 01:24:05PM -0700, Casey Schaufler wrote: > --- Klaus Weidner wrote: > > How about using FUSE (userspace file system) on top of a version > > control system (git, subversion, ...), and using the version control > > system's change records to keep track of the full history? > > I donno, those small writes are going to be kind of slow. Hmm, I wonder how much would break if the filesystem treated the close() as a commit in the version control system, with the changes not being visible to other processes until that happens... (or exit() instead of close() for a more transactional approach) -Klaus