Re: Authoritative Hooks

From: Stephen Smalley (sdsat_private)
Date: Fri Nov 09 2001 - 11:26:04 PST


    On Fri, 9 Nov 2001, Casey Schaufler wrote:
    > You are still ignoring non-filesystem objects. You have explained
    > how it all works on file system objects, but not on other objects.

    All three of the relevant LSM hooks are hooks on inodes, which are used to
    represent pipes, files, and sockets.  Your security module can certainly
    determine whether a given inode represents a pipe, file, or a socket, and
    only apply the POSIX ACLs processing for files.  SELinux has to
    distinguish whether a given inode represents a pipe, file, or a socket
    when it assigns a security identifier and a security class to the inode
    for later use in permission checks, so you can look at it for an example.
    Nothing too complex here.

    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list
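
The dispatch the message describes, as an added example that is not part of the original post and is not SELinux or LSM code: a userspace C sketch that classifies an inode by its mode bits and runs ACL processing only for files. The names `classify_mode`, `classify_fd`, `acl_hook` and the toy per-uid ACL are hypothetical, and treating directories as files is an assumption.

```c
#define _DEFAULT_SOURCE            /* expose S_IFSOCK, pipe(), socketpair() */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>

enum obj_class { CLASS_FILE, CLASS_PIPE, CLASS_SOCKET, CLASS_OTHER };
enum verdict   { NO_OPINION, ACL_ALLOW, ACL_DENY };

/* Toy ACL entry (constructed for this example): perms 4=read, 2=write, 1=exec */
struct acl_entry { uid_t uid; unsigned perms; };

/* Map inode mode bits to an object class. */
enum obj_class classify_mode(mode_t mode)
{
    if (S_ISREG(mode) || S_ISDIR(mode)) return CLASS_FILE;
    if (S_ISFIFO(mode))                 return CLASS_PIPE;
    if (S_ISSOCK(mode))                 return CLASS_SOCKET;
    return CLASS_OTHER;
}

/* Pipes and sockets are backed by inodes too, so fstat() reports their type. */
enum obj_class classify_fd(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? classify_mode(st.st_mode) : CLASS_OTHER;
}

/* Hypothetical permission hook: ACL processing for files, no opinion otherwise. */
enum verdict acl_hook(mode_t mode, const struct acl_entry *acl, size_t n,
                      uid_t uid, unsigned mask)
{
    if (classify_mode(mode) != CLASS_FILE)
        return NO_OPINION;                 /* pipe, socket, device: skip ACLs */
    for (size_t i = 0; i < n; i++)
        if (acl[i].uid == uid)
            return (acl[i].perms & mask) == mask ? ACL_ALLOW : ACL_DENY;
    return ACL_DENY;                       /* no matching entry */
}

int main(void)
{
    int p[2], s[2];
    if (pipe(p) == 0)
        printf("pipe   -> class %d\n", classify_fd(p[0]));
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0)
        printf("socket -> class %d\n", classify_fd(s[0]));
    printf("cwd    -> class %d\n", classify_fd(0) == CLASS_OTHER ? CLASS_OTHER
                                                                  : classify_fd(0));
    return 0;
}
```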
