|Main Archive Page > Month Archives > linux-security-module archives|
Shaya Potter wrote:
>> I figure this might be just beating my head against a wall, as people
>> aren't interested, but here's a bit more of a roadmap on how I believe
>> path based security can be easily implemented with no changes to the
>> kernel besides the addition of a one or 2 more LSM hooks
It seems to me that your approach converts pathnames into tags (which is unlikely a string data). TOMOYO is using pathnames as one of factors for controlling whether the process is allowed to open/create/delete the requested pathnames or not. If pathnames are unavailable, that is no longer 'path based security' for TOMOYO.
I think one of easiest ways is to use
mnt_want_write()/mnt_drop_write() hooks ( http://lkml.org/lkml/2008/8/19/16 ).
Even though this patch doesn't use LSM, it's easy to convert hooks to LSM.
Regards, -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to email@example.com More majordomo info at http://vger.kernel.org/majordomo-info.html