[PATCH] vfs_gpfs: add optional ACL auditing
cs at samba.org
Fri Dec 16 16:24:32 UTC 2016
On Fri, Dec 16, 2016 at 03:17:18PM +0100, Ralph Böhme wrote:
> On Fri, Dec 16, 2016 at 02:15:27PM +0100, Volker Lendecke wrote:
> > On Fri, Dec 16, 2016 at 12:29:45PM +0100, Ralph Böhme wrote:
> > > Attached is a patch for vfs_gpfs that adds an optional hook for kernel auditing
> > > frameworks to audit ACL changes.
> > While this probably works, I would appreciate an a *bit* more
> > elaborate comment why this is necessary. To me this look rather
> > hackish to be honest.
> Ralph W., can you comment on this and disclose as much information as necessary
> to get this past the gate. :)
From what i remember, this is to support auditing systems that hooks into the
Linux kernel VFS. Calls from Samba to the GPFS library are not visible
to the kernel VFS, so they will be missed by the auditing.
The "hack" here is to trigger an operation that is visible to the Linux
kernel VFS, so that something can be logged in the auditing system.
Besides this being hackish, i am wondering whether this also misses
other interesting calls to GPFS from Samba such as:
More information about the samba-technical