|Main Archive Page > Month Archives > linux-security-module archives|
Casey Schaufler wrote:
> Shaya Potter wrote:
>> I figure this might be just beating my head against a wall, as people >> aren't interested, but here's a bit more of a roadmap on how I believe >> path based security can be easily implemented with no changes to the >> kernel besides the addition of a one or 2 more LSM hooks >>
> I think you are unlikely to convince many people until you can produce
> code that demonstrates the viability of your scheme. I am curious to see
> how well your cookie scheme works.
I know, I hope to get to it, but busy trying to finish my phd. I hope to proceed in a few steps which should make it easy for people to plug things in
might take a little bit of time though even though each step is relatively easy.
in re a bit more detail on #1 and #2, do these changes seem reasonable
Thoughts on the best location within the lookup() code paths? with a stackable fs it was easy as I could just provide my own revalidate function. As do_revalidate() is only called if ->d_revalidate() exists.
thought would be to push
if (dentry && dentry->d_op && dentry->d_op->d_revalidate)
check into do_revlidate() itself and have it just return dentry if d->revalidate doesn't exist.
ideas on best location for ensuring "up to dateness" of dentry would be most appreciated.
shaya -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to email@example.com More majordomo info at http://vger.kernel.org/majordomo-info.html