--------- Received message begins Here ---------

>
> Jesse Pollard wrote:
> >That wasn't quite the question I was considering:
> >
> >  a) Would I be allowed to open the file IF I had the following...
> >
> >The question posed by the sample code above is:
> >
> >  b) Would I be allowed to open the file IF I attempted to open
> >     the file..
> >
> >Big difference. The question a) is more like what would be used by daemons
> >(NFS/Samba...) to avoid changing uid. The second question b) is not really
> >useful since the open itself makes the same query.
>
> However, apps that ask question (a) are often broken, so I won't complain
> if we don't provide support for question (a). I also won't mind if
> we do let modules provide support for question (a) -- other folks are
> welcome to do this, if they think it is useful. What I *would* object
> to is if *all* modules are required to support question (a): IMHO,
> that's a policy decision that we shouldn't be making in this project.

Correct. I just didn't want it explicitly denied.

The advantage in providing the interface is that new filesystem support
could be developed in user space and still provide the security called for
by a particular module. The "filesystem" would not have to do ham-handed
things like changing uid/gid/privileges to access a file.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollardat_private

Any opinions expressed are solely my own.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 05:21:57 PDT