Re: [ANNOUNCE][PATCH] New fs to control access to system resources

Greg KH (greg@kroah.com)
Fri, 18 Jan 2002 11:38:46 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rik van Riel: "Re: kswapd kills linux box with kernel 2.4.17"
Previous message: Davide Libenzi: "Re: Linux 2.5.3-pre1-aia1"

On Thu, Jan 17, 2002 at 10:26:51AM +0100, Andreas Ferber wrote:
>
> My concern was conceptual: accessfs is just another mechanism for
> access control to various ressources. As I understand it, LSM is
> intended to move /all/ access control logic into separate modules with
> a uniform interface to the kernel, so that you can choose whatever
> access control mechanism you want (or even rip out all access control,
> as for example some embedded applications don't need it). Clearly it's
> a long way until LSM actually gets to this point, but nevertheless
> it's the overall goal of the whole effort IMHO.

The LSM patch's goal is to only _allow_ you do add access control
mechanisms to the kernel easily.

This accessfs patch doesn't collide with that goal at all. If it gets
accepted into the kernel, people who write LSM based access control
modules need to remember to medaite access to the accessfs if they want
to. Since the LSM hooks are much lower in the vfs than accessfs, it is
a simple thing to add this kind of access mediation.

Hope this helps clear it up a bit.

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: kswapd kills linux box with kernel 2.4.17"
Previous message: Davide Libenzi: "Re: Linux 2.5.3-pre1-aia1"