From: "Timothy R. Chavez"
Subject: Re: [PATCH] audit: file system auditing based on location and name
Date: Thu, 7 Jul 2005 17:08:31 -0500
Message-ID: <200507071708.32451.tinytim@us.ibm.com>
References: <1120668881.8328.1.camel@localhost> <200507071548.37996.sgrubb@redhat.com> <1120771909.3198.32.camel@laptopd505.fenrus.org>
To: Arjan van de Ven
Cc: Steve Grubb, Greg KH, Andrew Morton, linux-audit@redhat.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Woodhouse, Mounir Bsaibes, Serge Hallyn, Alexander Viro, Klaus Weidner, Chris Wright, Stephen Smalley, Robert Love, Christoph Hellwig, Daniel H Jones, Amy Griffis, Maneesh Soni
In-Reply-To: <1120771909.3198.32.camel@laptopd505.fenrus.org>
List-Id: linux-fsdevel.vger.kernel.org

On Thursday 07 July 2005 16:31, Arjan van de Ven wrote:
> On Thu, 2005-07-07 at 15:48 -0400, Steve Grubb wrote:
>
> > Tim's code lets you say I want change notification to this file only. The
> > notification follows the audit format with all relevant pieces of information
> > gathered at the time of the event and serialized with all other events.
>
> well can't you sort of do that based on (selinux) security context of
> the file already? after all that's part of the inode already. Isn't that
> fine-grained enough?
>

Provided you make it that far, yes, SE Linux _could_ be used to provide
similar functionality. But, what if you bottom out on a DAC decision?

[foo@liltux /]$ cat /etc/shadow
cat: /etc/shadow: Permission denied

-tim
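The ordering Tim's reply relies on, as an added illustration that is not code from the thread or from the audit patch: a deliberately simplified model of the kernel's permission check, where the DAC mode-bit check runs before the LSM (SELinux) hook, so an access that DAC already denies is never seen by anything keyed on the file's security context, while an audit record written at syscall exit still captures it. The inodes, credentials, MAC policy and log strings are constructed for the example.

```python
"""Constructed model of Linux permission-check order: DAC first, then the
LSM/SELinux hook, with an audit record emitted at syscall exit either way.
Not the kernel's code; a simplified illustration of the ordering argument."""
from dataclasses import dataclass

R, W = 4, 2  # requested access bits, matching the classic mode-bit layout

@dataclass
class Inode:
    path: str
    uid: int
    mode: int         # owner/other permission bits, e.g. 0o600 (group ignored)
    secontext: str    # SELinux type label carried by the inode

@dataclass
class Cred:
    uid: int
    sedomain: str     # SELinux domain of the calling process

selinux_log = []      # what a context-based notification could observe
audit_log = []        # records written at syscall exit, success or failure

# Constructed MAC policy: (domain, file label) pairs that are allowed.
MAC_POLICY = {("user_t", "etc_t"), ("user_t", "user_home_t"),
              ("passwd_t", "shadow_t")}

def dac_allows(inode, cred, want):
    """Mode-bit check; uid 0 bypasses it (CAP_DAC_OVERRIDE, simplified)."""
    if cred.uid == 0:
        return True
    bits = (inode.mode >> 6) & 0o7 if cred.uid == inode.uid else inode.mode & 0o7
    return bits & want == want

def selinux_hook(inode, cred):
    """LSM inode_permission hook: only reached once DAC has said yes."""
    selinux_log.append(f"{cred.sedomain} -> {inode.secontext} ({inode.path})")
    return (cred.sedomain, inode.secontext) in MAC_POLICY

def open_syscall(inode, cred, want):
    """Return 0 on success or -13 (EACCES); audit record at syscall exit."""
    if not dac_allows(inode, cred, want):
        rc = -13                      # bottomed out on DAC: no LSM call
    elif not selinux_hook(inode, cred):
        rc = -13                      # DAC passed, MAC policy denied
    else:
        rc = 0
    audit_log.append(f"path={inode.path} uid={cred.uid} success={rc == 0}")
    return rc
```

For the `cat /etc/shadow` case from the mail, `selinux_log` stays empty while `audit_log` gains a failed-access record; only when DAC passes (for example uid 0 reading the same file) does the SELinux hook see the access at all.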