Here's an interesting message I received. What do you think?
On Thu, Oct 24, 2002 at 10:45:44AM +0200, Russell Coker wrote:
> Currently sys_security is used to implement open_secure(),
> mkdir_secure(), etc which do this atomically.
This is just a random comment, but SE Linux could be the perfect
pretext for adding something I've always wished for: anonymous file
creation. Something like
fd = open("/var/log/syslog", O_ANONYMOUS);
chmod(fd, ...);
chown(fd, ...);
set_xattr(fd, ...);
write(fd, ...);
...
flink(fd, "/var/log/syslog");
The path in open is needed for setting defaults (eg, ACL) and for
specifying the backing. The flink part is poorly thought out; I'm
sure you can think of problems with it. But I suspect there is a
good solution in there somewhere.
It's sort of like how you create a socket before you connect it to
anything.
Given the resistence you're likely to encounter to new system calls,
this might actually be a more efficient path to the functionality
you want.
Just my musings.
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 04:12:14 PST