Re: A Comment from User Space

From: Stephen Smalley (sdsat_private)
Date: Tue Apr 24 2001 - 06:38:35 PDT

  • Next message: Stephen Smalley: "Re: Source Control"

    On Tue, 24 Apr 2001 Valdis.Kletnieksat_private wrote:
    
    > We may need another few hooks here and there - their logic is correct.
    
    I would suggest that a number (but not all) of the LSM hooks
    need both pre- and post- hooks so that the module can both
    authorize/deny the operation and maintain state.  A simple
    example is a file creation.  In addition to calling a create
    hook to authorize the operation before it occurs, we would need
    a call to a postcreate hook after the operation to notify
    the security module whether or not the create succeeded,
    to allow the security module to set the security field of 
    the new inode struct appropriately, and to allow the security
    module to update the persistent label mapping.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 06:40:51 PDT