summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2007-07-22 08:04:18 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2007-10-21 02:37:45 -0400
commit74c3cbe33bc077ac1159cadfea608b501e100344 (patch)
tree4c4023caa4e15d19780255fa5880df3d36eb292c /init
parent455434d450a358ac5bcf3fc58f8913d13c544622 (diff)
downloadkernel-common-74c3cbe33bc077ac1159cadfea608b501e100344.tar.gz
kernel-common-74c3cbe33bc077ac1159cadfea608b501e100344.tar.bz2
kernel-common-74c3cbe33bc077ac1159cadfea608b501e100344.zip
[PATCH] audit: watching subtrees
New kind of audit rule predicates: "object is visible in given subtree". The part that can be sanely implemented, that is. Limitations: * if you have hardlink from outside of tree, you'd better watch it too (or just watch the object itself, obviously) * if you mount something under a watched tree, tell audit that new chunk should be added to watched subtrees * if you umount something in a watched tree and it's still mounted elsewhere, you will get matches on events happening there. New command tells audit to recalculate the trees, trimming such sources of false positives. Note that it's _not_ about path - if something mounted in several places (multiple mount, bindings, different namespaces, etc.), the match does _not_ depend on which one we are using for access. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig4
1 files changed, 4 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 541382d539ad..b7dffa837926 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -234,6 +234,10 @@ config AUDITSYSCALL
such as SELinux. To use audit's filesystem watch feature, please
ensure that INOTIFY is configured.
+config AUDIT_TREE
+ def_bool y
+ depends on AUDITSYSCALL && INOTIFY
+
config IKCONFIG
tristate "Kernel .config support"
---help---