Re: pathnames

From: Stephen Smalley (sdsat_private)
Date: Mon Jul 02 2001 - 12:43:34 PDT


    On Fri, 29 Jun 2001, Douglas Kilpatrick wrote:
    
    > A very good point was raised last night at the BOF about trying to
    > type files that do not yet exist.  Apparently our DTE system hit
    > similar problems and the hack-around they used may work.
    > 
    > They used something they called "HADB" for Hierarchical Attribute
    > DataBase.  Basically they kept a whole shadow tree of inodes in which
    > they kept types, and while most of the shadow inodes referred to real
    > inodes, they did not have to.
    > 
    > So basically, you could add into your opaque security structure on the
    > inode a tree to represent the children that do not yet exist that you
    > want mappings for.  At creation time you can look at the relative
    > name only to determine if this object is one you care about and assign
    > your type tags.
    
    This observation by Doug is also applicable even if you stay with
    implicit type assignment based on pathnames - it seems like you
    could eliminate the overlap between the existing post_create/mkdir/...
    hooks and your attach_pathlabel hook using Doug's suggested
    technique.
    
    Furthermore, it would be interesting to see if we could push
    some of the other attach_pathlabel hook calls down to lower-level
    lookup hook calls (patterned after the i_op->lookup routine
    and called after successful calls to that routine), again
    with DTE being able to assign types merely based on the parent
    directory's inode security object and the relative name of
    the newly looked up entry.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
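An added example, not code from this thread, from the LSM patches or from the DTE "HADB" implementation Doug describes, showing the shape of his suggestion in C: the opaque security object on a directory inode carries a small shadow tree of children that do not exist yet, each with the type it should receive, and the create-time (or lookup-time) decision is made from the parent's security object and the relative name alone, with no pathname walk. All struct and function names, the type names and the /etc policy below are hypothetical.

```c
/* Added illustration of a per-directory shadow tree for type assignment.
 * Hypothetical names throughout; not the DTE or LSM code. */
#include <stdlib.h>
#include <string.h>

#define MAX_CHILDREN 8
#define LABEL_LEN 32

struct dir_sec;

/* One shadow entry: a relative name the policy cares about, the type the
 * object should get when it appears, and, for directories, a shadow
 * subtree that becomes the real inode's security object once the
 * directory is actually created. */
struct shadow_entry {
    char name[LABEL_LEN];
    char type[LABEL_LEN];
    struct dir_sec *subtree;   /* NULL for non-directories */
};

/* Opaque security object hung off a directory inode. */
struct dir_sec {
    char type[LABEL_LEN];      /* type of the directory itself */
    int n;                     /* number of shadow entries in use */
    struct shadow_entry kids[MAX_CHILDREN];
};

struct dir_sec *dir_sec_new(const char *type)
{
    struct dir_sec *d = calloc(1, sizeof *d);
    if (!d)
        return NULL;
    strncpy(d->type, type, LABEL_LEN - 1);
    return d;
}

/* Register a child that may not exist yet. Returns the entry so a caller
 * can populate the subtree of a directory, or NULL when the table is full. */
struct shadow_entry *dir_sec_expect(struct dir_sec *d, const char *name,
                                    const char *type, int is_dir)
{
    if (d->n >= MAX_CHILDREN)
        return NULL;
    struct shadow_entry *e = &d->kids[d->n++];
    strncpy(e->name, name, LABEL_LEN - 1);
    strncpy(e->type, type, LABEL_LEN - 1);
    e->subtree = is_dir ? dir_sec_new(type) : NULL;
    return e;
}

/* What a post_create/post_mkdir (or post-lookup) hook would do: pick the
 * new object's type from the parent's security object and the relative
 * name only. Unknown names inherit the parent's type. For a directory,
 * *child_sec receives the security object to attach to the new inode:
 * the prepared shadow subtree if one exists, else a fresh empty one. */
const char *assign_type_on_create(struct dir_sec *parent, const char *name,
                                  int is_dir, struct dir_sec **child_sec)
{
    const char *type = parent->type;
    struct dir_sec *sub = NULL;
    for (int i = 0; i < parent->n; i++) {
        if (strcmp(parent->kids[i].name, name) == 0) {
            type = parent->kids[i].type;
            sub = parent->kids[i].subtree;
            break;
        }
    }
    if (child_sec)
        *child_sec = is_dir ? (sub ? sub : dir_sec_new(type)) : NULL;
    return type;
}

/* Constructed policy: /etc exists as etc_t; a future /etc/shadow should be
 * shadow_t; a future /etc/ssh is a directory of type ssh_conf_t whose
 * future child sshd_config should be sshd_conf_t. */
struct dir_sec *build_example_policy(void)
{
    struct dir_sec *etc = dir_sec_new("etc_t");
    dir_sec_expect(etc, "shadow", "shadow_t", 0);
    struct shadow_entry *ssh = dir_sec_expect(etc, "ssh", "ssh_conf_t", 1);
    dir_sec_expect(ssh->subtree, "sshd_config", "sshd_conf_t", 0);
    return etc;
}

/* Two-step scenario: mkdir /etc/ssh, then create /etc/ssh/<name>. The type
 * of the second object comes from the subtree handed to the first. */
const char *example_nested_type(const char *name)
{
    struct dir_sec *etc = build_example_policy();
    struct dir_sec *ssh_sec = NULL;
    assign_type_on_create(etc, "ssh", 1, &ssh_sec);
    return assign_type_on_create(ssh_sec, name, 0, NULL);
}
```

Because the decision needs only the parent's security object and the relative name, the same function serves both the creation hooks and a lower-level lookup hook, which is the overlap Stephen suggests removing; the subtree hand-off is what lets the "shadow" directory become a real one without re-reading a pathname.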
    This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 12:45:30 PDT