Crispin Cowan wrote:
>In SubDomain, we need to know the absolute path name of a file that a
>process is trying to open.

Would you consider the following strategy?

If you want to support denying access to all pathnames that match /var/log/*, then rather than trying to reconstruct the pathname to open() and pattern-matching, maybe one alternative could be to monitor the directory traversal (is this lookup_dentry() or somesuch?) and deny access preemptorily as soon as you see an access to the directory "/var/log".

This only works if you want to support very simple styles of pathname wildcarding, of course, but it has the advantage of being simple and taking advantage of the kernel's existing pathname->inode resolution logic (rather than having to re-implement your own).

Would this work for you?
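The strategy suggested in this message, modelled in user space as an added example (not code from the original post, from SubDomain, or from the kernel): the check runs on the directory object the walk is about to search, so differently spelled paths that resolve through /var/log are all refused. The node table, `dir_search_hook` and `walk` are hypothetical names, and the namespace is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Toy namespace, constructed for this example (not kernel code). */
struct node { const char *name; int parent, target, is_dir, deny; };
static const struct node fs[] = {
    /*0*/ {"",         0, -1, 1, 0},  /* "/"                                */
    /*1*/ {"var",      0, -1, 1, 0},
    /*2*/ {"log",      1, -1, 1, 1},  /* policy: no lookups inside /var/log */
    /*3*/ {"messages", 2, -1, 0, 0},
    /*4*/ {"tmp",      1, -1, 1, 0},  /* /var/tmp                           */
    /*5*/ {"alias",    4,  3, 0, 0},  /* hard link: second name for node 3  */
};
#define NNODES ((int)(sizeof fs / sizeof fs[0]))

/* Hypothetical hook, called before a directory is searched for a name. */
static int dir_search_hook(int dir) { return fs[dir].deny ? -1 : 0; }

/* Component-wise walk. Returns node index, -1 if denied, -2 if not found. */
int walk(const char *path)
{
    int cur = 0;                                 /* start at "/" */
    while (*path) {
        size_t n = strcspn(path, "/");
        if (n == 0) { path++; continue; }        /* skip '/' separators */
        if (!fs[cur].is_dir) return -2;
        if (dir_search_hook(cur)) return -1;     /* decided on the object, not the string */
        int next = -1;
        if (n == 1 && path[0] == '.') next = cur;
        else if (n == 2 && !strncmp(path, "..", 2)) next = fs[cur].parent;
        else for (int i = 1; i < NNODES; i++)
            if (fs[i].parent == cur && strlen(fs[i].name) == n &&
                !strncmp(fs[i].name, path, n))
                next = fs[i].target >= 0 ? fs[i].target : i;
        if (next < 0) return -2;
        cur = next;
        path += n;
    }
    return cur;
}

int main(void)
{
    const char *p[] = {"/var/log/messages", "/var/tmp/../log/messages",
                       "/var/log", "/var/tmp/alias"};
    for (int i = 0; i < 4; i++) printf("%-26s -> %d\n", p[i], walk(p[i]));
    return 0;
}
```

The `/var/tmp/alias` case resolves to the same file without the walk ever searching /var/log, so a directory-traversal rule covers names under that directory rather than every name a file may have.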
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 22:32:03 PDT