Re: security module question

From: Shaya Potter
Date: Thu Aug 06 2009 - 14:57:53 EST

Next message: Greg KH: "Re: [RFC PATCH V2 1/2] introduce ALS sysfs class"
Previous message: Jan Kara: "Re: [PATCH 6/9] writeback: allow sleepy exit of default writebacktask"
In reply to: Eric Paris: "Re: security module question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Eric Paris wrote:
> On Wed, 2009-08-05 at 12:02 +1000, James Morris wrote:
>> On Tue, 4 Aug 2009, Justin Banks wrote:
>>
>>> Hello - I'm trying to implement a security module that will allow or
>>> disallow writes on files by byte ranges. Is there a way to use
>>> inode_permission() to do this, or is there an alternative route I should
>>> take? It doesn't look like inode_permission() will give me the data I
>>> need (offset + length of write).
>
> There is nothing that can do that. Neither fanotify nor the LSM.
> Biggest problem is mmap.....
>
> I think there was past kernel module which did this, but I don't
> remember what they were called. Nothing which tracks this and could be
> used was ever reasonable for the mainline kernel.

stackable file-system could do it (ala ecryptfs). You'd end up with
double page table usage (as they don't stack well), but you'd be able to
catch all mmap writes to disk.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: [RFC PATCH V2 1/2] introduce ALS sysfs class"
Previous message: Jan Kara: "Re: [PATCH 6/9] writeback: allow sleepy exit of default writebacktask"
In reply to: Eric Paris: "Re: security module question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]