On Thu, Jul 19, 2001 at 10:15:33PM -0700, Crispin Cowan wrote:
>
> SubDomain does not allow confined programs to call mount or umount. SubDomain's
> threat model is only concerned with confined processes and principals external to
> the machine. Unconfined processes don't matter, because there either shouldn't be
> any, or they are there for a reason and are trusted.

Ok, so then all SubDomain has to contend with is handling hard links. But since I know that SubDomain only allows hard (and soft) links if they are specifically listed in a process's profile, no unknown links can be created by a process. So the inode that is passed to permission() should only have a dentry list containing 1 dentry. Reconstruct the path from that dentry, and bob's your uncle.

But just to make sure, it would only take about 15 minutes to create a very small lsm module to verify this :)

greg k-h

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 08:34:25 PDT
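The question raised in the message above, whether an inode has exactly one name from which a path can be rebuilt, can be illustrated from userspace. This is an added example, not code from the thread or from SubDomain; it assumes directory entries sharing an inode number are an acceptable stand-in for the kernel's per-inode dentry list, and the function names and temporary paths are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Userspace stand-in (assumption): names in one directory play the role of
   the dentries attached to an inode. Returns how many entries in dir share
   target's (st_dev, st_ino), or -1 on error; 1 means one unambiguous path. */
int names_for_inode(const char *dir, const char *target)
{
    struct stat want, st;
    char path[PATH_MAX];
    struct dirent *de;
    int count = 0;
    DIR *d;

    if (lstat(target, &want) != 0 || (d = opendir(dir)) == NULL)
        return -1;
    while ((de = readdir(d)) != NULL) {
        snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (lstat(path, &st) == 0 && S_ISREG(st.st_mode) &&
            st.st_dev == want.st_dev && st.st_ino == want.st_ino)
            count++;
    }
    closedir(d);
    return count;
}

/* Constructed scenario: one file in a fresh temp dir, optionally hard-linked. */
int demo(int make_link)
{
    char dir[] = "/tmp/lsm-link-XXXXXX", a[PATH_MAX], b[PATH_MAX];
    int fd, n;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/data", dir);
    snprintf(b, sizeof b, "%s/alias", dir);
    if ((fd = open(a, O_CREAT | O_WRONLY | O_EXCL, 0600)) < 0) return -1;
    close(fd);
    if (make_link && link(a, b) != 0) return -1;
    n = names_for_inode(dir, a);
    unlink(b); unlink(a); rmdir(dir);
    return n;
}

int main(void) { printf("plain: %d, linked: %d\n", demo(0), demo(1)); return 0; }
```

A count above 1 is the case where rebuilding a single path from the inode is ambiguous, so a policy keyed on pathnames has to decide which name it is checking.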