SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 22 Jul 2007 12:04:18 +0000 (08:04 -0400)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 21 Oct 2007 06:37:45 +0000 (02:37 -0400)
commit	74c3cbe33bc077ac1159cadfea608b501e100344
tree	4c4023caa4e15d19780255fa5880df3d36eb292c	tree \| snapshot
parent	455434d450a358ac5bcf3fc58f8913d13c544622	commit \| diff

[PATCH] audit: watching subtrees

New kind of audit rule predicates: "object is visible in given subtree".
The part that can be sanely implemented, that is. Limitations:
* if you have hardlink from outside of tree, you'd better watch
it too (or just watch the object itself, obviously)
* if you mount something under a watched tree, tell audit
that new chunk should be added to watched subtrees
* if you umount something in a watched tree and it's still mounted
elsewhere, you will get matches on events happening there. New command
tells audit to recalculate the trees, trimming such sources of false
positives.

Note that it's _not_ about path - if something mounted in several places
(multiple mount, bindings, different namespaces, etc.), the match does
_not_ depend on which one we are using for access.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

fs/dcache.c		diff \| blob \| history
include/linux/audit.h		diff \| blob \| history
include/linux/dcache.h		diff \| blob \| history
init/Kconfig		diff \| blob \| history
kernel/Makefile		diff \| blob \| history
kernel/audit.c		diff \| blob \| history
kernel/audit.h		diff \| blob \| history
kernel/audit_tree.c	[new file with mode: 0644]	blob
kernel/auditfilter.c		diff \| blob \| history
kernel/auditsc.c		diff \| blob \| history