Hi, As commented yesterday, I was going to release a few more hooks for some *critical* syscalls, this one adds a hook to sys_chmod(), and makes us able to apply checks and logics before releasing the operation to sys_chmod(). The main goal is to provide a simple way to handle chmod() calls and apply security restrictions & checks to them, and also add add auditing capabilities (ie.: log chmod() calls in chroot()'ed environments, etc). Patch attached and available at: http://pearls.tuxedo-es.org/patches/sys_chmod_lsm-hook-2.6.11-rc3.patch I would like to see this merged, Chris should decide :) An user of this will be, as commented in my past emails, vSecurity 0.2 release, and any other LSM module that wants to have control over chmod()'ing. I will make available another hook for sys_fchmod() ASAP. Cheers and thanks in advance, -- Lorenzo Hernández García-Hierro <lorenzo@private> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
This archive was generated by hypermail 2.1.3 : Tue Feb 08 2005 - 08:15:32 PST