Some time ago I tried to use append-only immutible files and found the
experience quite frustrating. I'll use append-only as an example of why.
Suppose you have syslogd writing to logfiles which are append-only. At
some point, you will want to rotate those logfiles. Currently, this
requires removing the append-only flag, rotating the file, and setting
the flag again. Obviously, there is an opporunity for a race, which is
Not Good (TM).
My attempts at using immutible files have also been complicated. I had
to prepare the file inside a private directory since I wanted to
change its contents. Then I set the immutible flag, but once the
immutible flag was set, I couldn't move the file into its final location.
This results in having to keep the extra directory for no particularly
good reason.
The behaviour I want is for the append-only and immutible flags to
only affect exactly those processes which do not have
CAP_LINUX_IMMUTABLE set. This doesn't change the security properties
of these flags since the processes that can override the flags are
precisely those which could have removed the flag anyway.
If there are no objections, I'll construct a patch to do this.
Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:15 EST