Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks

[Kristian Sørensen]

Christoph Hellwig wrote:
> On Fri, Sep 03, 2004 at 02:38:12PM +0200, Kristian Sørensen wrote:
>
> > Is there another way to get it? We also get an inodepointer from the LSM 
> > hook. As far as I know, the file struct has an entry called vfs_mount, 
> > which has an entry called root_mnt - could this be used? (and if so, how 
> > do I get from the Inode to the file struct? :-/ )
>
>
> Witch a struct file you can use d_path which gives you a canonical path
> in the _current_ _namespace_.
But we do not have a struct file - just an inode or a dentry :((


> What do you want to do with the path anyway?
We are working on a project called Umbrella, (umbrella.sf.net) which 
implements processbased mandatory accesscontrol in the Linux kernel. 
This access control is controlled by "restriction", e.g. by restricting 
 some process from accessing any given file or directory.

E.g. if a root owned process is restricted from accessing /var/www, and 
the process is compromised by an attacker, no mater what he does, he 
would not be able to access this directory.


KS
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/