* Charles Levert (chuckat_private) wrote:
> On Wed, Sep 03, 2003 at 12:10:44PM -0700, Chris Wright wrote:
> > A similar hook was removed earlier this year in favor of the
> > d_instantiate hook. Couple questions: 1) have you looked at the thread
> > and verified that you don't have the same problems?
>
> Can you send a link to this thread?

http://mail.wirex.com/pipermail/linux-security-module/2002-December/3928.html

> > 2) can't the data
> > that you are getting during post_lookup be associated with the inode and
> > stored as xattr on-disk?
>
> This would mean something like storing the identity of all parents (and
> grandparents) of an inode for every one of its paths. I don't think
> it's workable. Remember that all I need is the ability to cross mountpoints.
> That would mean storing information on one filesystem about another filesystem,
> assuming they're always mounted the same way. No.

This sounds like multiple mountpoints and bind mounts (both of which can
be specific to the process's namespace) will be problematic for you.

> > On a similar note, since Trond's intents patch the permission hook now
> > has nameidata available. I'd like to update the API to use nameidata
> > where apropos. Would this help?
>
> Is that file_permission or inode_permission? What would be its prototype?

int inode_permission(struct nameidata *nd, int mask);

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Wed Sep 03 2003 - 14:24:44 PDT