From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [PATCH 11/15] fixing audit rule ordering mess, part 1
Date: Wed, 17 Dec 2008 20:59:02 +0000
Message-ID: <20081217205902.GH28946@ZenIV.linux.org.uk>
References: <E1LCoiI-0000Eu-Ty@ZenIV.linux.org.uk> <1229538488.3384.33.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-kernel-owner+glk-linux-kernel-3=40m.gmane.org-S1752650AbYLQU7U@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <1229538488.3384.33.camel@localhost.localdomain>
Sender: linux-kernel-owner@vger.kernel.org
To: Eric Paris <eparis@redhat.com>
Cc: Al Viro <viro@ftp.linux.org.uk>, linux-audit@redhat.com, linux-kernel@vger.kernel.org
List-Id: linux-audit@redhat.com

On Wed, Dec 17, 2008 at 01:28:08PM -0500, Eric Paris wrote:

> I don't see why prio is only important on AUDIT_FILTER_EXIT.  Couldn't I
> end up with stupidity with entry,never  ?


AUDIT_WATCH and AUDIT_INODE can live only on exit chain.  I.e. we don't have
that problem - other chains sit on the lists of their own and there the
list ordering itself takes care of everything.  Exit chain has parts in
sitting in hash instead of the primary list.