Multiple calls to inode_permission

From: Kristofer Spinka (kspinka@private)
Date: Wed Sep 24 2003 - 15:26:49 PDT

  • Next message: Spinka, Kristofer: "Re: Multiple calls to inode_permission"

    Hello, I am working a security module that utilizes the 
    LSM framework.  Thank you for the recent nameidata patches 
    to inode_permission, this has been very valuable.
    How do I "hook" the may_open logic point?  If I simply 
    hook inode_permission, my function will be called for 
    every dentry from the root to my inode.  Depending on how 
    the permission check is implemented, when not using per 
    object tags, this can be terribly inefficient.  Imagine 
    /usr/local/tmp/my.file.  Instead of one "strcmp", or 
    whatever, we have to process four!
    If in fact this is the only behavior, can we discuss 
    adding an additional hook point, file_open, that will be 
    called with the same parameters as inode_permission, but 
    only for the terminal inode/nameidata, not the whole path 
    along the way?  If there is an existing alternative, 
    please let me know.
    Thank you,

    This archive was generated by hypermail 2b30 : Wed Sep 24 2003 - 15:27:29 PDT