Re: Audit patch split into 5 parts

• Previous message: KRAMER,STEVEN (HP-USA,ex1): "RE: File descriptors: LSM should support them in phase 1."
• In reply to: Seth Arnold: "Re: Audit patch split into 5 parts"
• Next in thread: Valdis.Kletnieksat_private: "Re: Audit patch split into 5 parts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* frm sarnoldat_private "07/24/01 17:28:39 -0700" | sed '1,$s/^/* /'
*
* On Tue, Jul 24, 2001 at 04:01:24PM -0700, richard offer wrote:
*> sgi-1-add-fds
* 
*> sgi-5-truncate
*> ==============
*> 
*> A separate patch since I'm not sure about this, what with all the inode
*> vs name discussion. We really want the name, the truncate() hook is
*> passed an inode. We've added the name as well, but this is api sticks
*> out like a sore thumb. It would be nice if we could come up with a
*> generic solution for the all of the inode hooks, and just happen to fix
*> this one at the same time...
* 
* Now, on this one, I am utterly confused. You guys change the prototype
* but then hardcode one of the parameters to NULL in the only call? :) 

The truncate hook hasn't been placed in fs/open.c yet, it was in the
original code (the first bumper patch we released that had everything).

Since then we've stepped back and not added any new hooks or placements,
just changed the hook prototypes to something suitable for our needs. 

If its needed to justify the change in hook prototype I can add the hook to
fs/open.c, but I'd rather we used this as another example of names vs
inodes to try and come up with a general solution.

* I
* also don't understand why the file offset is included. Is it really
* needed? (Especially considering that the results are going to be
* 'fuzzy', i.e., the results are unspecified in certain cases. Yes, I know
* Linux will tend to do one thing consistently, but the applications
* running on top of Linux may be coded to try several different things for
* platform compatibility reasons.. I just don't see this value being
* useful to anyone ever. :)

The parameter is available, we'd like to record it as the operation is
modifying an object on the system.

* 
* I am far from convinced that this is more than a mistake. :) Heheh.
* 
* Thanks richard.
* 

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Vance: "Re: Patch: Socket hooks"
• Previous message: KRAMER,STEVEN (HP-USA,ex1): "RE: File descriptors: LSM should support them in phase 1."
• In reply to: Seth Arnold: "Re: Audit patch split into 5 parts"
• Next in thread: Valdis.Kletnieksat_private: "Re: Audit patch split into 5 parts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 07:34:54 PDT