Re: Documentation for inode security hooks

From: Chris Wright (chrisat_private)
Date: Mon Sep 17 2001 - 14:48:29 PDT

    * Wayne Salamon (wsalamonat_private) wrote:
    > 
    >   Attached is a patch to add documentation for the inode security hooks,
    > and a small fix for post_addmount.
    
    how about these minor changes to your patch?
    -chris
    
    --- security.h	Mon Sep 17 14:48:41 2001
    +++ security.h.cmw	Mon Sep 17 14:46:52 2001
    @@ -563,15 +563,16 @@
     	int (* follow_link) (struct dentry *dentry, struct nameidata *nd);
     
     	/**
    -	 * permission - check permission when accessing a file
    +	 * permission - check permission when accessing an inode
     	 * @inode: inode structure to check
     	 * @mask: permission mask
     	 * 
     	 * called: permission <fs/namei.c>
     	 * 
    -	 * Check permission before accessing a file.
    -	 * This hook is called when a file is opened, whereas
    -	 * the file_security_ops hooks are used to mediate access
    +	 * Check permission before accessing an inode.  This hook is
    +	 * called when an inode is opened, is a directory element in a
    +	 * pathname or is a parent directory for inode creation/deletion,
    +	 * whereas the file_security_ops hooks are used to mediate access
     	 * when the actual read/write operations are performed.
     	 * Return 0 if permission is granted.
     	 */
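Review bot: the new sentence "called when an inode is opened, is a directory element in a pathname or is a parent directory for inode creation/deletion" mixes one event (opened) with two states (is a ...), and an inode is not itself what gets opened, so the list is hard to parse. Consider phrasing all three cases as events, for example "called when a file is opened on the inode, when the inode is traversed as a directory component of a pathname, or when it is the parent directory for an inode creation/deletion". The closing "Return 0 if permission is granted." also leaves the denial case undocumented; since the paragraph is being rewritten anyway, it could state what a module returns to refuse access.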
    @@ -652,7 +653,7 @@
     
     struct file_security_ops {
     	/**
    -	 * permission - check permission when accessing a file
    +	 * permission - check permission when accessing an open file
     	 * @file: file structure being accessed
     	 * @mask: requested permissions
     	 *
    @@ -666,10 +667,11 @@
     	 * called: sys_sendfile <mm/filemap.c>
     	 * called: sys_sendfile <mm/filemap.c>
     	 *
    -	 * Check file permissions before accessing a file.
    +	 * Check file permissions before accessing an open file.
     	 * This hook is called to check permission for the actual 
     	 * read/write operations, whereas the inode_security_ops
    -	 * permission hook is called when the file is opened.
    +	 * permission hook is called when the file is opened or
    +	 * during directory access.
     	 * Return 0 if permission is granted.
     	 */
     	int (*permission) (struct file * file, int mask);
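Review bot: the reworded cross-reference "permission hook is called when the file is opened or during directory access" is vaguer than the inode_security_ops comment changed earlier in this patch, which spells out the directory cases (a directory element in a pathname, a parent directory for inode creation/deletion). Reuse that wording or refer the reader to that comment so the two descriptions cannot drift apart. While this comment block is being touched, the context lines show "called: sys_sendfile <mm/filemap.c>" listed twice in a row and a trailing space after "for the actual"; both are worth cleaning up in the same patch.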
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 14:49:42 PDT