* Christoph Klein (christophk@private-karlsruhe.de) wrote:
> My name is Chris, and I'm trying to implement a new acl model for linux
> via the lsm kernel interface. Permitting read, write, mkdir ... works
> fine this way, but operations that need cap_fowner like chmod and chown
> can't be overridden with the lsm hooks. To allow chown by foreign (not
> root and not owner) users, I created a post_setxattr hook that calls

They can, just poor granularity. Generally, LSM is a restrictive rather
than permissive interface.

> inode_change_notify when an xattr set operation with name
> "security.owner" and his uid as value was made. I could extend this for
> all operations that need fowner, but this would double the space needed
> for the stat data, and it wouldn't be nice.

Didn't quite parse, but sounds like you'd want to replace fowner with
checking that attr? This is akin to the type of checks that modules
should do (w/out new hooks). Store relevant context in inode, and check
context against inode context when looking at access control.

> Do you think that a patch with a new xattr handler, that calls only
> functions from the lsm interface, but doesn't store anything on disk,
> would be accepted into the kernel?

You'd want it on disk, otherwise it can be lost when inode is reaped and
re-read from disk.

thanks,
-chris
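Added illustration of the two points in the reply (not kernel code and not from either poster): a user-space model in which the DAC check runs first and the LSM hook can only add a denial, plus what happens to module context that was never written to disk. Every struct, function and the CAP_FOWNER_BIT value here is invented for the model.

```c
/* Constructed model, not the kernel's structures or hook signatures. */
#include <stdbool.h>
#include <errno.h>

#define CAP_FOWNER_BIT (1u << 3)   /* constructed bit, not the kernel's CAP_FOWNER value */

struct task  { unsigned uid; unsigned caps; };
struct inode {
    unsigned i_uid;            /* owner recorded in the stat data */
    unsigned sec_owner;        /* module context, as loaded from a "security.owner" xattr */
    bool     sec_owner_valid;  /* false when no such xattr exists on disk */
};

/* DAC: what the VFS decides before any LSM hook runs.  The hook cannot change this. */
static int dac_may_chown(const struct task *t, const struct inode *in)
{
    if (t->uid == in->i_uid || (t->caps & CAP_FOWNER_BIT))
        return 0;
    return -EPERM;
}

/* Module hook: restrictive only.  It compares the caller's context with the
 * context stored in the inode and may deny, but it never lifts a DAC denial. */
static int lsm_inode_setattr(const struct task *t, const struct inode *in)
{
    if (!in->sec_owner_valid)
        return 0;              /* nothing stored: leave the DAC result alone */
    return (t->uid == in->sec_owner) ? 0 : -EACCES;
}

/* Order mirrors the VFS: DAC first, then the hook; the first denial wins. */
int may_chown(const struct task *t, const struct inode *in)
{
    int err = dac_may_chown(t, in);
    if (err)
        return err;
    return lsm_inode_setattr(t, in);
}

/* Re-reading the inode: context that was only ever held in memory is gone
 * unless the xattr was persisted, which is the reply's "you'd want it on disk". */
void reread_inode_from_disk(struct inode *in, bool xattr_on_disk, unsigned stored)
{
    in->sec_owner_valid = xattr_on_disk;
    in->sec_owner = xattr_on_disk ? stored : 0;
}

/* One scenario: who asks, what the inode says, and whether the xattr is on disk. */
int scenario(unsigned uid, bool has_fowner, unsigned owner_uid,
             bool xattr_on_disk, unsigned xattr_uid)
{
    struct task t = { uid, has_fowner ? CAP_FOWNER_BIT : 0 };
    struct inode in = { owner_uid, 0, false };
    reread_inode_from_disk(&in, xattr_on_disk, xattr_uid);
    return may_chown(&t, &in);
}
```

The foreign-user case in the thread is `scenario(2000, false, 1000, true, 2000)`: the xattr names uid 2000, yet the result is still -EPERM because the hook never gets to grant what DAC refused.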
This archive was generated by hypermail 2.1.3 : Tue Sep 13 2005 - 12:55:55 PDT