On Thu, 17 Oct 2002, Russell Coker wrote:

> > What specific information differs per-operation, such that security
> > identifiers cannot be stored internally inside a file handle?
>
> My previous message obviously wasn't clear enough.
>
> When you want to read or set the SID of a file handle then you need to pass in
> a SID pointer or a SID.

So fscking what? _Nothing_ of the above warrants a new syscall. There are struct file * attributes and there are descriptor attributes. Rather than excreting a new syscall you could look what already exists in the API.

Frankly, SELinux has some interesting ideas, but interfaces are appalling. Either they've never cared about it, or they have no taste (or have, er, overriding manag^Wissues actively hostile to any taste). Take your pick.

And don't get me started on access to file by inumber and other beauties in that excuse of an API. It wasn't designed. It happened. As in, "it happens".

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:53:02 PDT