> Basically, this file contains a list of descriptions of allowed and
> non-allowed accesses, with wildcarding allowed. You could base things
> on the name of the file (including path), the user and group of the
> person trying the access, the type of accesses they were requesting,
> and what program was trying the access.
>
> The system only checked the access file if the access was not otherwise
> allowed.
I thought about this, and it might be doable in userspace.
Imagine:
In libc, if you see EPERM on open, send request for 'system opener
daemon (running at root)' using unix domain socket. If sysopend sees
you have permission, it passes you opened fd through that socket. Is
that doable?
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/