Any access control mechanism that allows exceptions?

From: Xin Zhao
Date: Sat Aug 06 2005 - 02:09:37 EST


Hi,

I want to lock down a directory to be read-only, say, /etc, for system
security. Unfortunately, some valid system tools might need to
create/modify files like "/etc/dhclient-eth0.conf". To avoid
disrupting the normal running of those tools, I might have to allow
certain files to be created under /etc.

Is there any way that allows me to specify what files are allowed to
be created while locking down the whole directory most of the time?

I am thinking of adding an exception list as extended attributes of the
Ext3 filesystem, and changing the Ext3 filesystem to enforce the policy.
But this method looks awful.

Any elegant way to achieve this goal?

Thanks

xin