Re: [2.6.16 PATCH] Connector: Filesystem Events Connector v3

[Arjan van de Ven]

On Fri, 2006-03-24 at 18:52 +1100, CaT wrote:
> On Thu, Mar 23, 2006 at 11:42:00PM -0800, Andrew Morton wrote:
> > You explained why it was better than grafting audit onto this application. 
> > 
> > But do you see some special value in the actual services which this patch
> > provides - monitoring filesystem events?
> 
> Is there something around atm that would, for example, allow a virus
> scanner to scan files when they are created, etc? Or to add files to
> an index for quick searches?

audit, inotify


> There are probably other potential uses but I'm too tired and those two
> come to mind right now.

but this mechanism doesn't actually cover the virus scanner need at
least; audit is a bit more complex in code because it's a security tool
and needs to be accurate for security-related events. Now guess what...
a virus scanner needs this same level of scrutiny... (well unless you
don't care about that it's easy to bypass your scanner and that you
support linux only for marketing reasons ;)


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/