Quoting Chris Wright (chrisat_private): > * Stephen Smalley (sdsat_private) wrote: > > fs/namei.c: I would have suggested a hook after each successful > > call to i_op->lookup to allow the security module to > > set the security field of the inode when it is first looked up > > (since useful information like its inode number and mode should > > then be available, which isn't available in get_new_inode > > after the read_inode call for many file system types). But I'm not sure > > how to sync that with Serge's attach_pathlabel hooks - it seems like we > > may be trying to provide the same functionality but > > on different levels (inode-based vs. pathname-based). > > It also seems like Serge's attach_pathlabel hooks > > overlap somewhat with the idea of post-create hooks, > > but again dealing at different levels - the vfsmount isn't > > available in the vfs_create/mkdir/etc routines. Exactly. Of course, if the location of the attach_pathlabel calls following vfs_create and its kin were acceptable to all for a post-create hook, then the attach_pathlabel could be replaced, and I'd just attach the same code to the post_create stub as to attach_pathlabel. Unfortunately, I'm not sure there's a clean way to reconcile the calls after i_op->lookup. > yeah Serge's pathlable hooks are often near the post-create hooks. it would > be nice to collapse these if possible. -serge _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 20:23:01 PDT