Hello.I think link_path_walk() is not a good place to insert new LSM hooks for pathname based access control (AppArmor and TOMOYO) purpose because (1) The kernel don't know what operation (open/create/truncate etc.) will be done at the moment of link_path_walk(). (2) Not all operations call link_path_walk() before these operations are done. For example, ftruncate() doesn't call link_path_walk(). (3) The rename() and link() operations handle two pathnames. But, it is not possible to know both pathnames at the moment of link_path_walk(). I think we need to introduce new LSM hooks outside link_path_walk(). http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024 --
| debian developer | Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 |
| Greg KH | [GIT PATCH] driver core patches against 2.6.24 |
| H. Peter Anvin | Re: [PATCH] x86: Construct 32 bit boot time page tables in native format. |
| Christoph Lameter | Re: [RFC 00/15] x86_64: Optimize percpu accesses |
git: | |
| Christoph Hellwig | Re: [PATCH 06/32] IGET: Mark iget() and read_inode() as being obsolete [try #2] |
| Jarek Poplawski | Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock(). |
| Gerrit Renker | [PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side) |
| David Miller | [GIT]: Networking |
