Re: attach_pathlabel

From: Stephen Smalley (sdsat_private)
Date: Tue Jul 03 2001 - 06:30:30 PDT

  • Next message: jmjonesat_private: "Re: Kernel Security Extensions USENIX BOF Summary"

    On Tue, 3 Jul 2001, Serge E. Hallyn wrote:
    
    > You may all thank Doug Kilpatrick for convincing me  :).  If anyone
    > else cares to leave the attach_pathlabel calls in, speak up now,
    > otherwise I recommend they all be taken out.
    >
    > I've been fighting mainly b/c once they are out, i suspected getting
    > them back in would be impossible, and it seemed that a generalized
    > security module interface should have the ability to determine
    > pathnames (at runtime), but I do buy the minimum intrusion argument,
    > and for my own purposes I'll just end up changing my implementation a
    > little more than I'd planned.
    
    Prior to removing the attach_pathlabel hooks, we should verify that
    we can provide equivalent functionality using lower-level lookup
    hooks (plus some additional processing at mount time to initialize
    the root inode for each file system so that you can do subsequent
    type assignments based on relative pathnames).  Speaking of which,
    what happened to the add_vfsmnt hook call?  It seems to have
    vanished in the 2.4.6-pre3 version.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 06:31:29 PDT