Re: security module question

From: Eric Paris
Date: Thu Aug 06 2009 - 14:38:27 EST


On Wed, 2009-08-05 at 12:02 +1000, James Morris wrote:
> On Tue, 4 Aug 2009, Justin Banks wrote:
>
> > Hello - I'm trying to implement a security module that will allow or
> > disallow writes on files by byte ranges. Is there a way to use
> > inode_permission() to do this, or is there an alternative route I should
> > take? It doesn't look like inode_permission() will give me the data I
> > need (offset + length of write).

There is nothing that can do that. Neither fanotify nor the LSM.
Biggest problem is mmap.....

I think there were past kernel modules which did this, but I don't
remember what they were called. Nothing which tracks this and could be
used was ever reasonable for the mainline kernel.

-Eric
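
The mmap problem mentioned in the reply, shown as an added example (not part of the original message or of any kernel code): once a file is mapped shared and writable, ordinary memory stores change its bytes with no write() call whose offset and length a check could inspect. The file name, sizes and the "protected" range 16..31 are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample: a 64-byte file in which a hypothetical policy
 * wants bytes 16..31 to be unwritable. */
#define FILE_LEN 64
#define PROT_OFF 16
#define PROT_LEN 16

/* Returns how many bytes of the "protected" range changed in the file
 * without any write()/pwrite() touching that range, or -1 on error. */
int bytes_changed_via_mmap(void)
{
    char path[] = "/tmp/range_demo_XXXXXX";
    char before[FILE_LEN], after[FILE_LEN];
    int fd = mkstemp(path), changed = 0;
    if (fd < 0) return -1;
    unlink(path);                       /* file lives only as long as fd */

    memset(before, 'A', FILE_LEN);
    if (write(fd, before, FILE_LEN) != FILE_LEN) { close(fd); return -1; }

    /* One request covering the whole file; no byte range is named later. */
    char *map = mmap(NULL, FILE_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }

    /* Plain CPU stores: at most a page fault, never a write() call
     * carrying an offset and a length. */
    memset(map + PROT_OFF, 'B', PROT_LEN);
    msync(map, FILE_LEN, MS_SYNC);
    munmap(map, FILE_LEN);

    if (pread(fd, after, FILE_LEN, 0) != FILE_LEN) { close(fd); return -1; }
    close(fd);
    for (int i = PROT_OFF; i < PROT_OFF + PROT_LEN; i++)
        changed += before[i] != after[i];
    return changed;
}

int main(void)
{
    printf("protected bytes changed via mmap: %d of %d\n",
           bytes_changed_via_mmap(), PROT_LEN);
    return 0;
}
```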
