* Stephen Smalley (sdsat_private) wrote:
>
> On Tue, 18 Sep 2001, Chris Wright wrote:
>
> > I agree that our fundamental need is to differentiate the use of
> > the file_security_ops and inode_security_ops permission functions. I
> > didn't think listing all uses would be useful, just confusing. In
> > general the inode_ops check is an inode attribute check, whereas
> > the file_ops is the check against the way the file was opened. Perhaps
> > something as succinct as that would suffice.
>
> For SELinux (and I thought SubDomain), the file_security_ops permission
> hook is used to revalidate permission to the file upon the actual
> read/write operation since it may have been revoked (or in the case of
> SubDomain, it may not be valid at present because of a change_hat).

sorry, i meant in the kernel context, not the lsm context.

> I've applied your earlier patch and then tried rewording the descriptions of
> the two permission hooks to clarify the issue better. What do you think
> of the new attached patch?

I think this will be just fine (including the caveat patch ;-)

-chris
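The distinction discussed in this thread, as an added user-space sketch that is not part of the original message or of the LSM patch: an inode-level check made at open time versus a file-level check repeated on every read/write, which catches both a wrong open mode and a revocation after open. All `toy_*` names and structures are hypothetical and do not reproduce the kernel's hook signatures.

```c
#include <errno.h>

#define MAY_WRITE 2
#define MAY_READ  4

/* Toy policy: access mask currently granted to the caller (can change after open). */
struct toy_policy { int allowed; };
struct toy_inode  { int mode_bits; struct toy_policy *policy; };
struct toy_file   { struct toy_inode *inode; int f_mode; /* how it was opened */ };

/* Inode-level check: attribute and policy check on the object itself. */
static int toy_inode_permission(const struct toy_inode *in, int mask)
{
    if ((in->mode_bits & mask) != mask)       return -EACCES;
    if ((in->policy->allowed & mask) != mask) return -EACCES;
    return 0;
}

/* File-level check: run at each read/write on the open file. */
static int toy_file_permission(const struct toy_file *f, int mask)
{
    if ((f->f_mode & mask) != mask)                  /* not opened this way */
        return -EACCES;
    if ((f->inode->policy->allowed & mask) != mask)  /* revoked since open */
        return -EACCES;
    return 0;
}

static int toy_open(struct toy_file *f, struct toy_inode *in, int mask)
{
    int rc = toy_inode_permission(in, mask);
    if (rc) return rc;
    f->inode = in;
    f->f_mode = mask;
    return 0;
}

/* Constructed scenario: open read-only, use the file, revoke, use it again. */
int toy_scenario(int *write_try, int *read_before, int *read_after)
{
    struct toy_policy pol = { MAY_READ | MAY_WRITE };
    struct toy_inode  in  = { MAY_READ | MAY_WRITE, &pol };
    struct toy_file   f;

    if (toy_open(&f, &in, MAY_READ) != 0) return -1;
    *write_try   = toy_file_permission(&f, MAY_WRITE); /* inode allows it, open mode does not */
    *read_before = toy_file_permission(&f, MAY_READ);  /* allowed */
    pol.allowed  = 0;                                  /* revocation after open */
    *read_after  = toy_file_permission(&f, MAY_READ);  /* denied although the file is still open */
    return 0;
}
```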
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 10:57:30 PDT