Hi,

My name is Chris, and I'm trying to implement a new ACL model for Linux via the LSM kernel interface. Permitting read, write, mkdir ... works fine this way, but operations that need CAP_FOWNER, like chmod and chown, can't be overridden with the LSM hooks. To allow chown by foreign (not root and not owner) users, I created a post_setxattr hook that calls inode_change_notify when an xattr set operation with the name "security.owner" and his uid as the value was made. I could extend this to all operations that need FOWNER, but this would double the space needed for the stat data, and it wouldn't be nice.

Do you think that a patch with a new xattr handler, which calls only functions from the LSM interface but doesn't store anything on disk, would be accepted into the kernel? Another feature of this approach would be that keeping EA and real stat data in sync is easier. If this seems interesting to you, I would start coding soon.

Thanks in advance,
Chris
This archive was generated by hypermail 2.1.3 : Tue Sep 13 2005 - 12:49:25 PDT