Crispin Cowan wrote: > > Casey Schaufler wrote: > > A useful function, first proposed in literature by > > W. Olin Sibert, would be one which you pass a bunch > > of security attributes for the subject and a set for > > the object along with a proposed access and you get > > back a best guess answer. It could be implemented > > strictly in userland for many policies. On the other > > hand, I've never seens a reasonable specification > > for the call. > > I don't see a problem with LSM modules providing new system calls (or ioctls, > or sysctls, or whatever) to provide this kind of functionality. It's yet > another module feature, not a feature of LSM per se. > The access() function provides a uniform way for programmers to find out if a *file system* function would work or not. A function would need to be implemented as part of the LSM to provide this same feature for other kinds of access checks such as "Can I bind to this reserved port". Modules would hook this new function leaving the function itself security policy agnostic. I would propose re-implementing the access() call to be a wrapper for the new function so that module writers only need to hook into one place. Not implementing a generic call leaves us with a lot of programs that work under one module and not another or with a number of #ifdefs. Neil
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 21:58:25 PDT