Re: Capabilities

From: Jonathan Corbet
Date: Fri Feb 25 2000 - 16:50:38 EST

[Central capability database]

> Oooohhhh... Nice concept... So, if it were to be implemented on
> Linux would we have to bind to dentries pre-init, then?
> Or do we bind to inodes post-init?

It would have to be post-init, I would think. The capabilities database
would have to live on disk somewhere, and would presumably need to be
loaded into the kernel with some sort of helper program.

I can't be accused, however, of having spent too much time thinking through
how an implementation would actually be done...

> Also, how would we handle overmount conditions, such as:

Presumably the database, as stored in the kernel, would tie to both the
device and inode numbers. It clearly can't work with just the file name
alone. Some sort of direct attachment to a (permanently) in-core inode or
dentry structure probably makes the most sense - it's where you would need
to find it when the program is executed. But, again, I've not thought
about how you would actually implement it.


Jonathan Corbet, Eklektix, Inc.
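
The point above about tying the database to device and inode numbers rather than to the file name, as an added userspace sketch that is not part of the original message and not kernel code. The table layout, function names and temporary paths are hypothetical.

```c
/* Added illustration: capability table keyed by (st_dev, st_ino), not by path. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

struct cap_entry { dev_t dev; ino_t ino; unsigned long caps; };
static struct cap_entry cap_table[16];   /* hypothetical in-memory database */
static int cap_count;

/* Bind a capability mask to the file currently found at path. */
int cap_bind(const char *path, unsigned long caps) {
    struct stat st;
    if (cap_count == 16 || stat(path, &st) != 0)
        return -1;
    cap_table[cap_count++] = (struct cap_entry){ st.st_dev, st.st_ino, caps };
    return 0;
}

/* Resolve path to (dev, ino) and return its mask; 0 if nothing is bound. */
unsigned long cap_lookup(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    for (int i = 0; i < cap_count; i++)
        if (cap_table[i].dev == st.st_dev && cap_table[i].ino == st.st_ino)
            return cap_table[i].caps;
    return 0;
}

/* Constructed scenario: another file is renamed over the bound name.
 * Returns the mask the name resolves to afterwards, or ~0UL on setup error. */
unsigned long demo_replaced_name(void) {
    char dir[] = "/tmp/capdemoXXXXXX", a[64], b[64];
    FILE *fa, *fb;
    if (!mkdtemp(dir)) return ~0UL;
    snprintf(a, sizeof a, "%s/trusted", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    if (!(fa = fopen(a, "w")) || !(fb = fopen(b, "w"))) return ~0UL;
    fclose(fa); fclose(fb);
    if (cap_bind(a, 0x1UL) != 0 || cap_lookup(a) != 0x1UL) return ~0UL;
    if (rename(b, a) != 0) return ~0UL;   /* name now refers to another inode */
    unsigned long after = cap_lookup(a);  /* a path-keyed table would say 0x1 */
    unlink(a); rmdir(dir);
    return after;
}

int main(void) { printf("caps after rename: %#lx\n", demo_replaced_name()); return 0; }
```

A bare (dev, ino) key does not cover inode-number reuse after a file is deleted; an inode held in core, as the message suggests, does not have that problem.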

This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:13 EST