zfs discuss - May 2006 - Re: PSARC 2006/288 zpool history

> Why not use the Solaris audit facility?
Several reasons:

(1) We want the history to follow the data, not the host.  If you
    export the pool from one host and import it on another, we want
    the command history to move with the pool.  That won''t happen
    if the history file is somewhere in /etc or /var.

(2) For correctness, we want the record of the command to be written
    in the same transaction group as the action it causes.  That way
    there''s no ambiguity about whether a given command did or did not
    complete before something bad happened.

Jeff

On Thu, May 04, 2006 at 12:39:59AM -0700, Jeff Bonwick
wrote:
> > Why not use the Solaris audit facility?
> 
> Several reasons:
> 
> (1) We want the history to follow the data, not the host.  If you
>     export the pool from one host and import it on another, we want
>     the command history to move with the pool.  That won''t happen
>     if the history file is somewhere in /etc or /var.
> 
> (2) For correctness, we want the record of the command to be written
>     in the same transaction group as the action it causes.  That way
>     there''s no ambiguity about whether a given command did or did
not
>     complete before something bad happened.
OK, I that makes a lot of sense.  But you''d still want to audit, no?

Nicolas Williams wrote:
> On Thu, May 04, 2006 at 12:39:59AM -0700, Jeff Bonwick wrote:
>>> Why not use the Solaris audit facility?
>> Several reasons:
>>
>> (1) We want the history to follow the data, not the host.  If you
>>     export the pool from one host and import it on another, we want
>>     the command history to move with the pool.  That won''t
happen
>>     if the history file is somewhere in /etc or /var.
>>
>> (2) For correctness, we want the record of the command to be written
>>     in the same transaction group as the action it causes.  That way
>>     there''s no ambiguity about whether a given command did or
did not
>>     complete before something bad happened.
> 
> OK, I that makes a lot of sense.  But you''d still want to audit,
no?
Why ?  The ''ex'' class already deals with that and auditing of
file
system stuff is done else where.

I think this project is complementary to Solaris BSM Audit.

-- 
Darren J Moffat