Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks

From: Kristian Sørensen
Date: Sat Sep 04 2004 - 14:07:15 EST

Next message: Ingo Molnar: "[patch] voluntary-preempt-2.6.9-rc1-bk4-R4"
Previous message: Alex Deucher: "Re: New proposed DRM interface design"
In reply to: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Next in thread: Alan Cox: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just forgot something:

Horst von Brand wrote:

furthermore, you could specify that attachments executed _from_ the emailprogram would not have access to the network.

I.e., no child of the email program could access the network, not even to
answer a message. Sounds restrictive.

You misunderstood this. The restrictions are introduced by a "restricted fork", to which you specify the restrictions the mext process should have + those inherited from the parent. So if you execute an attachment from the thread that views the email, THIS should be restricted from e.g. addressbook and network.

Anyway, when you answer a message - in most cases you put the message in an "outbox", which the main thread of the mail program sends, when told to, and as the main thread is not restricted from the network (supprise!) it will succeed in sending the mails.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "[patch] voluntary-preempt-2.6.9-rc1-bk4-R4"
Previous message: Alex Deucher: "Re: New proposed DRM interface design"
In reply to: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Next in thread: Alan Cox: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]