Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks

From: Christoph Hellwig
Date: Fri Sep 03 2004 - 09:11:59 EST

Next message: Mikael Pettersson: "Re: PROBLEM: Full CPU-usage on sis5513-chipset disc input/output-operations"
Previous message: Spam: "Re: The argument for fs assistance in handling archives"
In reply to: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Next in thread: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 03, 2004 at 03:20:55PM +0200, Kristian Sørensen wrote:
> But we do not have a struct file - just an inode or a dentry :((

Then you can't generate a full path.

> We are working on a project called Umbrella, (umbrella.sf.net) which
> implements processbased mandatory accesscontrol in the Linux kernel.
> This access control is controlled by "restriction", e.g. by restricting
> some process from accessing any given file or directory.
>
> E.g. if a root owned process is restricted from accessing /var/www, and
> the process is compromised by an attacker, no mater what he does, he
> would not be able to access this directory.

mount --bind /var/www /home/joe/p0rn/, and then?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mikael Pettersson: "Re: PROBLEM: Full CPU-usage on sis5513-chipset disc input/output-operations"
Previous message: Spam: "Re: The argument for fs assistance in handling archives"
In reply to: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Next in thread: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]