On Fri, 9 Nov 2001, Casey Schaufler wrote:

> You are still ignoring non-filesystem objects. You have explained
> how it all works on file system objects, but not on other objects.

All three of the relevant LSM hooks are hooks on inodes, which are used to represent pipes, files, and sockets. Your security module can certainly determine whether a given inode represents a pipe, file, or a socket, and only apply the POSIX ACLs processing for files.

SELinux has to distinguish whether a given inode represents a pipe, file, or a socket when it assigns a security identifier and a security class to the inode for later use in permission checks, so you can look at it for an example. Nothing too complex here.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 11:27:24 PST