Re: [Fireflier-devel] Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: David Lang
Date: Tue Apr 18 2006 - 16:34:38 EST


On Tue, 18 Apr 2006, Alan Cox wrote:


> On Maw, 2006-04-18 at 23:13 +0300, Török Edwin wrote:
>> In the current version we intended to use mountpoint+inode to identify
>> programs. This reduces the potential problems from your list to: fd passing.
>
> Inode numbers are not constant on all file systems unless the file is
> currently open. That is a pain in the butt when you want to describe a
> file as well but it is how things work out.

Could you take an approach similar to git, store the length and a hash of the first X amount of the file (for good performance say the first block, for best security say the entire file)? Is there a hash that's cheap enough to calculate that this is reasonable? (although it would end up trashing the cpu cache in any case, losing a bunch of the benefits of DMA)

David Lang

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
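
The length-plus-hash identity suggested in the message above, as an added user-space example that is not part of the original thread or of the Fireflier patch. SHA-256, the 4096-byte "first block" and all file names are assumptions of this sketch; it shows that the identity survives a change of inode, and that hashing only the first block does not notice a same-length change further into the file.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed size of "the first block"; the message gives no number


def fingerprint(path, prefix_len=None):
    """Return (length, hex digest) for a file.

    prefix_len=None hashes the entire file; otherwise only the first
    prefix_len bytes are hashed. SHA-256 is an assumption of this example.
    """
    h = hashlib.sha256()
    size = os.stat(path).st_size
    remaining = size if prefix_len is None else min(prefix_len, size)
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(65536, remaining))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    return size, h.hexdigest()


def demo():
    """Build constructed sample files and compare the two hashing policies."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "prog")
        copy = os.path.join(d, "prog.copy")        # same bytes, different inode
        patched = os.path.join(d, "prog.patched")  # same length, tail modified
        data = b"\x7fELF" + b"A" * (3 * BLOCK)     # constructed sample content
        tampered = data[:2 * BLOCK] + b"B" + data[2 * BLOCK + 1:]
        for p, content in ((original, data), (copy, data), (patched, tampered)):
            with open(p, "wb") as f:
                f.write(content)
        return {
            "copy_matches": fingerprint(copy) == fingerprint(original),
            "inodes_differ": os.stat(copy).st_ino != os.stat(original).st_ino,
            "prefix_misses_patch":
                fingerprint(patched, BLOCK) == fingerprint(original, BLOCK),
            "full_detects_patch": fingerprint(patched) != fingerprint(original),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```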
