Specifications (the beginning)

From: Philippe Biondi (philippe.biondi@enst-bretagne.fr)
Date: Fri Apr 13 2001 - 00:52:45 PDT

    On 13 Apr 2001, David Wagner wrote:
    
    > Philippe Biondi wrote:
    > >Does everybody agree that we need AC metadata, in other words, data that is
    > >neither stored on the filesystem nor in the file, nor in the kernel?
    >
    > What does this mean?  Can you give an example?
    > (Are you talking about configuration and administration,
    > or something else?)
    >
    > What's "AC data"?  Do you just mean "state" (whose interpretation
    > is up to the module)?  I'm sorry if I'm not up on all the acronyms.
    AC=access control (like in MAC, DAC, ACL :))
    
    > >Does everybody agree that a per-process AC data storing is the right way?
    > >(uids and capabilities are also stored in task_struct)
    >
    > It's useful, but it's not the only issue.  Yes, some modules will
    > want to be able to manage per-process state.  I suspect that some
    > would also find it useful to be able to manage per-inode state.
    > And probably there are some cases I'm not thinking of?
    
    As we try to make an LCM (least common multiple ;)), we need it.
    
    --
    Philippe Biondi
    Systems administrator
    Webmotion Inc.
    http://www.webmotion.com
    mailto:philippe.biondiat_private
    Fax. (613) 260-9545
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:31 PDT