On Tue, 3 Jul 2001, Serge E. Hallyn wrote: > You may all thank Doug Kilpatrick for convincing me :). If anyone > else cares to leave the attach_pathlabel calls in, speak up now, > otherwise I recommend they all be taken out. > > I've been fighting mainly b/c once they are out, i suspected getting > them back in would be impossible, and it seemed that a generalized > security module interface should have the ability to determine > pathnames (at runtime), but I do buy the minimum intrusion argument, > and for my own purposes I'll just end up changing my implementation a > little more than I'd planned. Prior to removing the attach_pathlabel hooks, we should verify that we can provide equivalent functionality using lower-level lookup hooks (plus some additional processing at mount time to initialize the root inode for each file system so that you can do subsequent type assignments based on relative pathnames). Speaking of which, what happened to the add_vfsmnt hook call? It seems to have vanished in the 2.4.6-pre3 version. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 06:31:29 PDT