Re: Documentation for inode security hooks

From: Chris Wright (chrisat_private)
Date: Tue Sep 18 2001 - 10:55:53 PDT


    * Stephen Smalley (sdsat_private) wrote:
    > 
    > On Tue, 18 Sep 2001, Chris Wright wrote:
    > 
    > > I agree that our fundamental need is to differentiate the use of
    > > the file_security_ops and inode_security_ops permission functions.  I
    > > didn't think listing all uses would be useful, just confusing.  In
    > > general the inode_ops check is an inode attribute check, whereas
    > > the file_ops is the check against the way the file was opened.  Perhaps
    > > something as succinct as that would suffice.
    > 
    > For SELinux (and I thought SubDomain), the file_security_ops permission
    > hook is used to revalidate permission to the file upon the actual
    > read/write operation since it may have been revoked (or in the case of
    > SubDomain, it may not be valid at present because of a change_hat).
    
    Sorry, I meant in the kernel context, not the LSM context.
    
    > I've applied your earlier patch and then tried rewording the descriptions of
    > the two permission hooks to clarify the issue better.  What do you think
    > of the new attached patch?
    
    I think this will be just fine (including the caveat patch ;-)
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
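
The distinction discussed in this thread, as an added example that is not part of the original message and is not LSM or kernel code: a user-space model in which the inode-level check runs once at open time and the file-level check runs again on every read/write, so a revocation after open is caught. All toy_* names and the combined "open mode plus revalidation" behaviour are assumptions made for illustration.

```c
/* User-space model (constructed for illustration, not kernel code).
 * toy_* names are hypothetical; the mask values are sample constants. */
#define MAY_READ  4
#define MAY_WRITE 2

struct toy_inode { int allowed_mask; };   /* what policy currently allows */
struct toy_file  { struct toy_inode *inode; int open_mode; };

/* Inode-level check: does current policy allow `mask` on this object? */
static int toy_inode_permission(const struct toy_inode *inode, int mask)
{
    return (inode->allowed_mask & mask) == mask ? 0 : -1;
}

/* File-level check: the access must match how the file was opened and
 * must still be allowed now (revalidation at the time of use). */
static int toy_file_permission(const struct toy_file *file, int mask)
{
    if ((file->open_mode & mask) != mask)
        return -1;                        /* not opened for this access */
    return toy_inode_permission(file->inode, mask);
}

/* open(): checked once, against the inode. */
static int toy_open(struct toy_file *file, struct toy_inode *inode, int mode)
{
    if (toy_inode_permission(inode, mode) != 0)
        return -1;
    file->inode = inode;
    file->open_mode = mode;
    return 0;
}

/* Open read-only, read, attempt a write, revoke, read again.
 * Returns a bitmask of the steps that were allowed. */
static int toy_revocation_scenario(void)
{
    struct toy_inode inode = { MAY_READ | MAY_WRITE };
    struct toy_file file = { &inode, 0 };
    int allowed = 0;
    if (toy_open(&file, &inode, MAY_READ) == 0)        allowed |= 1;
    if (toy_file_permission(&file, MAY_READ) == 0)     allowed |= 2;
    if (toy_file_permission(&file, MAY_WRITE) == 0)    allowed |= 4; /* opened read-only */
    inode.allowed_mask = 0;               /* permission revoked after open */
    if (toy_file_permission(&file, MAY_READ) == 0)     allowed |= 8; /* caught by recheck */
    return allowed;
}

int main(void) { return toy_revocation_scenario() == 3 ? 0 : 1; }
```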
    


