* Stephen Smalley (sdsat_private) wrote: <snip> > Some possible solutions: > > 1) Change the computation of acc_mode in open_namei() to retain > the O_APPEND flag if it is in flags. In the permission() function, > call the LSM permission security hook with this expanded access mode so > that it can distinguish append access from write access. After calling > the LSM permission security hook, reduce the access mode to the > traditional read/write/execute modes before performing the normal > Linux checking (i.e. the call to the inode permission operation > or the call to vfs_permission). OR > > 2) Change the IS_APPEND (and IS_IMMUTABLE and perhaps other) macros to > also call a LSM security hook when the check is performed so that the > security module has the option of performing a check at this point based > on both the process and the file. Do you have a preference? -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue May 22 2001 - 14:19:31 PDT