Crispin Cowan wrote: > "allowed_to_open()" already exists: it is called "access(2)". Say "man 2 > access" for details. access(2) is a queer duck. It uses regular path lookup to the final component, but the realuid for the object itself. Further, it does not deal with conditions which exist today, such as read-only file systems and immutable bits. It's useless if you want to do anything with extended policies, as you have to set the process attributes before the call. Often you want to do the check to determine if you should set a non-resetable attribute. A useful function, first proposed in literature by W. Olin Sibert, would be one which you pass a bunch of security attributes for the subject and a set for the object along with a proposed access and you get back a best guess answer. It could be implemented strictly in userland for many policies. On the other hand, I've never seens a reasonable specification for the call. -- Casey Schaufler Manager, Trust Technology, SGI caseyat_private voice: 650.933.1634 casey_pat_private Pager: 888.220.0607 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 13:42:59 PDT