richard offer wrote:

>But the argument was that fds are not useful for any policy.

No, I think you're mis-stating the argument. (At least, that wasn't *my* argument.) The argument was that there seems to be little reason to pass the fd into, for example, the read() hook. I can't think of a plausible access control policy that this is necessary for.

>The policy could have been implemented by using the fd parameters to the
>file_ops hooks and revoking access on read/write, but that would have meant
>adding new hooks (open/post_open/close) and misleading since this was the
>obvious way of implementing the policy (that's how Solar implemented it). I
>was honest.
>
>I can't win.

I hope I don't have to say that the LSM list is not about whose ideas win -- it is about a joint endeavour to learn how best to support access control policies in Linux. The more we learn about this, the more we all win.
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 10:50:04 PDT