Re: [PATCH] Call LSM functions outside VFS helper functions.
From: Matthew Wilcox
Date: Thu Apr 10 2008 - 08:17:53 EST
On Thu, Apr 10, 2008 at 09:02:57PM +0900, Tetsuo Handa wrote:
> If the conclusion became "vfsmount should not be passed to
> VFS helper functions", that's OK, but I want you to consider
> the below approach for AppArmor and TOMOYO Linux. This patch is a repost of
> http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024 .
I'm a little disappointed that you simply repost this patch rather than
responding to my post from yesterday:
> How about an approach which doesn't require the vfsmount to be passed
> down?
>
> When the rule is put in place, say "No modifications to /etc/passwd",
> look up the inode and major:minor of /etc/passwd. If there's a rename,
> look up the new inode number. If it's mounted elsewhere, it doesn't
> matter, they still can't modify it because it has the same
> major:minor:inode.
>
> Is this workable?
Could you respond to this please?
--
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/