Originally Posted By: Tim
One of the requirements is to log every failed attempt to create a file in a directory the user doesn't have access to (such as logging an attempt to touch /etc/testfile).

I don't know offhand, but the hooks to do something like that probably exist in the security model code -- for SELinux and/or apparmor.

But if you control/build your own kernels, then it's like a 2-line patch to just add it to the main kernel source. Sample patch attached.

-ml


Attachments
log_permission_errors.patch
Description: 2-line patch to log "permission denied" errors on attempts to open files.
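As an added example that is neither the attached patch nor the poster's code: the same requirement can be met on an unpatched kernel through the Linux audit subsystem, with an auditctl rule that records only open/openat/creat calls returning a permission error, and the parser below turns such records into "who tried to open what". The audit log lines are constructed for this example, not captured from a real system.

```python
import re
from collections import defaultdict

# auditctl rules (real syntax) that log only denied opens, keyed "access-denied".
AUDIT_RULES = [
    "-a always,exit -F arch=b64 -S open,openat,creat -F exit=-EACCES -k access-denied",
    "-a always,exit -F arch=b64 -S open,openat,creat -F exit=-EPERM -k access-denied",
]

# Constructed sample records in auditd's format: event 42 is `touch /etc/testfile`
# by uid 1000 (EACCES), event 43 is a write to an immutable file (EPERM), and
# event 44 is a successful open logged by some other rule, which must be ignored.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:42): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c uid=1000 auid=1000 comm="touch" exe="/usr/bin/touch" key="access-denied"
type=CWD msg=audit(1700000000.101:42): cwd="/home/tim"
type=PATH msg=audit(1700000000.101:42): item=0 name="/etc/" inode=1 dev=fd:01 mode=040755 ouid=0 ogid=0 nametype=PARENT
type=PATH msg=audit(1700000000.101:42): item=1 name="/etc/testfile" nametype=CREATE
type=SYSCALL msg=audit(1700000000.205:43): arch=c000003e syscall=2 success=no exit=-1 uid=0 auid=1000 comm="sh" exe="/usr/bin/dash" key="access-denied"
type=PATH msg=audit(1700000000.205:43): item=0 name="/etc/immutable.conf" nametype=NORMAL
type=SYSCALL msg=audit(1700000000.300:44): arch=c000003e syscall=257 success=yes exit=3 uid=1000 auid=1000 comm="cat" exe="/usr/bin/cat" key="etc-reads"
type=PATH msg=audit(1700000000.300:44): item=0 name="/etc/hostname" nametype=NORMAL
"""

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')          # key=value or key="quoted value"
EVENT_RE = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")     # serial number ties records together
ERRNO = {-13: "EACCES", -1: "EPERM"}                        # negative exit values audit reports

def _fields(line):
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in FIELD_RE.finditer(line)}

def denied_opens(log_text):
    """One summary per audit event whose SYSCALL record failed with EACCES or EPERM."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events[m.group(1)].append(_fields(line))
    summaries = []
    for serial, recs in events.items():
        sc = next((r for r in recs if r.get("type") == "SYSCALL"), None)
        if sc is None or sc.get("success") != "no" or int(sc["exit"]) not in ERRNO:
            continue
        # PATH items tagged PARENT are the containing directory; the rest are the targets.
        paths = [r["name"] for r in recs if r.get("type") == "PATH" and r.get("nametype") != "PARENT"]
        summaries.append({"serial": serial, "auid": sc["auid"], "uid": sc["uid"], "comm": sc["comm"],
                          "exe": sc["exe"], "errno": ERRNO[int(sc["exit"])], "paths": paths})
    return summaries

if __name__ == "__main__":
    for ev in denied_opens(SAMPLE_AUDIT_LOG):
        print(f"{ev['errno']}: auid={ev['auid']} {ev['comm']} ({ev['exe']}) -> {', '.join(ev['paths'])}")
```

Load the rules with `auditctl -R` or drop them in /etc/audit/rules.d/, then run the parser over /var/log/audit/audit.log.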