On Saturday 03 January 2009 19:17, Jamie Lokier wrote: > Justin P. Mattock wrote: > > Thats some crazy stuff!! and just think most of it is > > simply magnets.(but more complicated than that) > > >One feature we are kicking around to make life easier for SELinux: > > >sometimes the filesystem can run while SELinux is not running, and > > >security labels will be wrong when SELinux re-enters the picture. We > > >have in mind to provide a persistent log of filesystem events that the > > >security system can attach to on startup and find out what went on in > > >its absence. > > > > > > > > That sounds nice: > > > > find out what went on in > > its absence. > > That sounds like a feature Windows had for many years now, (since > Windows 2000?). It complements the Windows equivlant of > dnotify/inotify/fsnotify. > > It's used for file indexing too (think equivalent to Spotlight, > Beagle, etc.), and other types of security scanning (think equivalent > to Tripwire). > > I wonder why the people writing file indexing tools for Linux never > made a fuss about this. Inotify is ok for indexing, but means quite a > few minutes of intensive disk activity after each boot to rescan /home. Actually they did. It was a poke from Jos van den Oever, the Strigi guy, that got me thinking about it, the security aspect came up later. Regards, Daniel -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
