From: Theodore Tso
Subject: Re: [Tux3] Tux3 report: A Golden Copy
Date: Sun, 4 Jan 2009 08:04:46 -0500
Message-ID: <20090104130446.GA17558@mit.edu>
References: <200812301935.49303.phillips@phunq.net> <200901021719.26680.phillips@phunq.net> <495EC040.2070905@gmail.com> <200901021903.24189.phillips@phunq.net> <495EDE04.5080703@gmail.com> <20090104031733.GB20929@shareable.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Justin P. Mattock", Daniel Phillips, tux3@tux3.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
To: Jamie Lokier
Return-path:
Content-Disposition: inline
In-Reply-To: <20090104031733.GB20929@shareable.org>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Sun, Jan 04, 2009 at 03:17:33AM +0000, Jamie Lokier wrote:
> Justin P. Mattock wrote:
> > >One feature we are kicking around to make life easier for SELinux:
> > >sometimes the filesystem can run while SELinux is not running, and
> > >security labels will be wrong when SELinux re-enters the picture. We
> > >have in mind to provide a persistent log of filesystem events that the
> > >security system can attach to on startup and find out what went on in
> > >its absence.
> >
>
> That sounds like a feature Windows had for many years now, (since
> Windows 2000?). It complements the Windows equivalent of
> dnotify/inotify/fsnotify.

Arguably you want to do this in the VFS layer, not in the low-level
filesystem level if you want most applications to adopt it.

> It's used for file indexing too (think equivalent to Spotlight,
> Beagle, etc.), and other types of security scanning (think equivalent
> to Tripwire).

Eric Paris has a patch he's been proposing for a while now for a new
notify mechanism designed for anti-virus scanners...

- Ted
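As an added illustration of the "persistent log of filesystem events" idea discussed above (example code, not from the thread, Tux3 or SELinux), here is how a labelling daemon could replay such a journal when it comes back; the record format, the sequence-number convention and the sample records are assumptions made for this example:

```python
# Constructed sample journal (hypothetical format): each record carries a
# monotonically increasing sequence number so a consumer that was absent
# can tell whether the log still holds every event it missed.
JOURNAL = [
    {"seq": 1, "op": "create", "path": "/etc/shadow.tmp"},
    {"seq": 2, "op": "rename", "path": "/etc/shadow.tmp", "new_path": "/etc/shadow"},
    {"seq": 3, "op": "create", "path": "/var/log/app.log"},
    {"seq": 4, "op": "unlink", "path": "/var/log/app.log"},
    {"seq": 5, "op": "setattr", "path": "/usr/bin/foo"},
]


def replay(journal, last_seen):
    """Replay events after `last_seen` and return (paths_to_relabel, needs_full_rescan).

    last_seen is the highest seq the security system had processed before it
    went away. If the journal has been reclaimed past that point, events were
    lost and the only safe answer is a full relabel rather than trusting the
    partial log.
    """
    records = sorted(journal, key=lambda r: r["seq"])
    if not records:
        return set(), False
    if records[0]["seq"] > last_seen + 1:
        # Gap between what we saw and what the log still holds: cannot replay.
        return set(), True

    pending = set()
    for rec in records:
        if rec["seq"] <= last_seen:
            continue
        op = rec["op"]
        if op in ("create", "setattr"):
            pending.add(rec["path"])
        elif op == "rename":
            # The label decision follows the final name, not the temp name.
            pending.discard(rec["path"])
            pending.add(rec["new_path"])
        elif op == "unlink":
            # A file that no longer exists needs no relabel.
            pending.discard(rec["path"])
    return pending, False


if __name__ == "__main__":
    print(replay(JOURNAL, 0))      # ({'/etc/shadow', '/usr/bin/foo'}, False)
    print(replay(JOURNAL[2:], 0))  # (set(), True): log truncated, full rescan
```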