* Stephen Smalley (sdsat_private) wrote: > > On Tue, 24 Apr 2001 Valdis.Kletnieksat_private wrote: > > > We may need another few hooks here and there - their logic is correct. > > I would suggest that a number (but not all) of the LSM hooks > need both pre- and post- hooks so that the module can both > authorize/deny the operation and maintain state. A simple > example is a file creation. In addition to calling a create > hook to authorize the operation before it occurs, we would need > a call to a postcreate hook after the operation to notify > the security module whether or not the create succeeded, > to allow the security module to set the security field of > the new inode struct appropriately, and to allow the security > module to update the persistent label mapping. We have similar filesystem needs. I have added a set of hooks that correlate to inode creation operations. Many of these hooks land in the same spot as the directory notification calls, which seems appropriate. (inode ops affected) create mknod mkdir symlink link rename is this sufficient for your needs? -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 11:19:53 PDT