Re: Specifications (the beginning)

From: Crispin Cowan (crispinat_private)
Date: Sun Apr 15 2001 - 00:26:49 PDT


    Greg KH wrote:
    
    > On Sat, Apr 14, 2001 at 05:53:31PM -0700, Crispin Cowan wrote:
    > > Is there any additional help we can give modules to load config files?  Or is it pretty
    > > much all there with ioctls?
    > We don't have to add anything to the kernel to allow this to happen, you
    > can use any of the following interfaces to get data into your kernel
    > module today:
    
    Fair enough.
    
    
    > > I'm not sure about "handles in a different way", but a quick search
    > > http://www.google.com/search?q=linux+acl produced a lot of diverse hits.  There appear
    > > to be several different projects out there intent on adding ACLs to linux, some as much
    > > as four years old  http://www.uwsg.indiana.edu/hypermail/linux/kernel/9705.0/0035.html
    >
    > Are any of those people involved in this discussion?  If not... :)
    
    Good enough for now.
    
    
    > > Exactly:  I want to avoid messing with it, but enable LSMs to mess with them.  If we
    > > can get away with it, just standing aside and letting the LSMs talk directly to the
    > > file system would be ideal.
    > And bypass the current VFS?  I'm confused about what you want to achieve
    > here.  Do you want to have a module that hooks through this LSM
    > interface be able to control access to only a specific filesystem?  Or
    > read its ACLs from a specific filesystem?
    
    Sorry for the confusion; no, I'm not trying to say anything specific about file system layer
    vs. VFS, or about what we should do about extended attributes.  Just that it will come at us
    sooner or later.
    
    I suppose the only specific thing I'm saying is that we should NOT attempt to re-invent
    extended attributes and try to kludge some kind of metadata persistency into the
    LSM interface itself:  that's a job for the file system, if it's up to it.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    
    
    
    
    


