On 07/04/18 03:33, Frank Thommen wrote: > Hello, > > are there any "hooks" in the automounter for custom actions that should happen at mount and unmount time of a filesystem? We are starting with auditing specific system calls on files using Linux' auditd. However filesystems which don't existing when auditd starts lead to an error. And when I configure auditd for the parent of the mountpoint of a filesystem, then the rules are not recursively applied even when the filesystem is mounted later. There aren't. I'm not sure how that could fit into the autofs map syntax without it being non-standard. That could break multi-vendor site configurations. I'm not familiar with autitd either can you tell me a little more about what your doing please. > > A workaround could be to add a filesystem specific rule (using auditctl) when the filesystem is mounted and remove it again once the filesystem is unmounted by the automounter. Is that doable? It's probably doable but maybe not in a away that's convenient or sensible. I'm working on a kernel to user space notification system (but I don't know when or if it will be accepted into the kernel) and in time auditd might be persuaded to change to using it but I don't know if that will ever happen even if it did get accepted. Of course that won't help you now. Ian -- To unsubscribe from this list: send the line "unsubscribe autofs" in
