Update. I see that nd->flags might offer what I need. Does anyone have any suggestions as to whether this is the way to go?

/kristofer

On Wed, 24 Sep 2003 18:26:49 -0400 "Kristofer Spinka" <kspinka@private> wrote:
>Hello, I am working on a security module that utilizes the
>LSM framework. Thank you for the recent nameidata
>patches to inode_permission, this has been very valuable.
>
>How do I "hook" the may_open logic point? If I simply
>hook inode_permission, my function will be called for
>every dentry from the root to my inode. Depending on how
>the permission check is implemented, when not using per
>object tags, this can be terribly inefficient. Imagine
>/usr/local/tmp/my.file. Instead of one "strcmp", or
>whatever, we have to process four!
>
>If in fact this is the only behavior, can we discuss
>adding an additional hook point, file_open, that will be
>called with the same parameters as inode_permission, but
>only for the terminal inode/nameidata, not the whole path
>along the way? If there is an existing alternative,
>please let me know.
>
>Thank you,
>
> /kristofer