Subject: Re: veriexecgen: removing duplicate files
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-userlevel
Date: 10/30/2006 09:23:21
> YAMAMOTO Takashi wrote:
> >> Hi, currently veriexecgen will create a separate entry in a fingerprintdb file 
> >> for hard-links. The attached patch only adds one entry per inode/device number.
> >> Is it safe to use inode/device pairs for this purpose? Comments?
> > 
> > what's the point to exclude hardlinks?
> 
> just a way to keep files smaller; it doesn't really matter because
> veriexec will handle it okay regardless...
> 
> -e.

1. consider the following two are hardlinks of the same binary.

	/bin/foo
	/bin/bar

2. you run fpgen for /bin/*.  it creates a db which only contains /bin/foo.

3. someone removes /bin/bar and installs another version of /bin/bar.

4. now the db doesn't cover /bin/bar.

isn't it a problem?
(i don't claim i understand the model of veriexec. :-)

YAMAMOTO Takashi
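
The four steps above, reproduced as an added example (not part of the original message and not veriexecgen's code). It assumes a temporary directory standing in for /bin, a dict of name -> SHA-256 standing in for the fingerprint db, and hypothetical helper names (`build_db`, `run_scenario`).

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """SHA-256 of a file's contents (stand-in for a veriexec fingerprint)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def build_db(directory, names, dedupe_hardlinks):
    """Hypothetical generator: name -> fingerprint, in the order given.

    With dedupe_hardlinks=True only the first name seen for each
    (st_dev, st_ino) pair gets an entry, as the proposed patch would do.
    """
    db, seen = {}, set()
    for name in names:
        path = os.path.join(directory, name)
        st = os.stat(path)
        key = (st.st_dev, st.st_ino)
        if dedupe_hardlinks and key in seen:
            continue
        seen.add(key)
        db[name] = fingerprint(path)
    return db


def run_scenario(dedupe_hardlinks):
    """Return (names with no db entry, names whose fingerprint changed)."""
    with tempfile.TemporaryDirectory() as d:       # stands in for /bin
        foo, bar = os.path.join(d, "foo"), os.path.join(d, "bar")
        with open(foo, "wb") as f:                 # step 1: one binary,
            f.write(b"version 1\n")
        os.link(foo, bar)                          #         two hard links
        db = build_db(d, ["foo", "bar"], dedupe_hardlinks)   # step 2
        os.remove(bar)                             # step 3: replace bar
        with open(bar, "wb") as f:
            f.write(b"version 2\n")
        on_disk = sorted(os.listdir(d))            # step 4: check coverage
        uncovered = [n for n in on_disk if n not in db]
        mismatched = [n for n in on_disk
                      if n in db and fingerprint(os.path.join(d, n)) != db[n]]
        return uncovered, mismatched
```

With de-duplication the replaced `bar` has no entry at all; with one entry per path it shows up as a fingerprint mismatch.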