On Mit, 04 Jul 2001 Crispin Cowan wrote: > I'd like to better understand this suggestion. Various modules (DTE, > SubDomain) really do need the absolute path of the file being accessed. If > there is not a hook that provides that information, then there needs to be a > way to reconstruct the info. I'm assuming that "Doug's suggestion" is such a > means? The more general term might be 'access the parent object from anywhere', by which the absolute path can be reconstructed. Doug's suggestion of placing new pointers to parents is a possible solution. (Did I get that right?) Currently, RSBAC for 2.4 kernels keeps such a pointer internally. As an example, several RSBAC models combine values from an explicit label with those from an inherited (implicit) one to get the final values. For this, access to all parent dentries (up to /) from the current context is enevitable. Amon. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 19:35:34 PDT