Re: A Comment from User Space

• Previous message: Stephen Smalley: "Re: A Comment from User Space"
• In reply to: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• Next in thread: Chris Wright: "Re: A Comment from User Space"
• Next in thread: Crispin Cowan: "Re: A Comment from User Space"
• Reply: Chris Wright: "Re: A Comment from User Space"
• Reply: David Wagner: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 24 Apr 2001 Valdis.Kletnieksat_private wrote:

> We may need another few hooks here and there - their logic is correct.

I would suggest that a number (but not all) of the LSM hooks
need both pre- and post- hooks so that the module can both
authorize/deny the operation and maintain state.  A simple
example is a file creation.  In addition to calling a create
hook to authorize the operation before it occurs, we would need
a call to a postcreate hook after the operation to notify
the security module whether or not the create succeeded,
to allow the security module to set the security field of 
the new inode struct appropriately, and to allow the security
module to update the persistent label mapping.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private






_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: Source Control"
• Previous message: Stephen Smalley: "Re: A Comment from User Space"
• In reply to: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• Next in thread: Chris Wright: "Re: A Comment from User Space"
• Next in thread: Crispin Cowan: "Re: A Comment from User Space"
• Reply: Chris Wright: "Re: A Comment from User Space"
• Reply: David Wagner: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 06:40:51 PDT