Re: [AppArmor 32/45] Enable LSM hooks to distinguish operations on file descriptors from operations on pathnames

[John Johansen]

On Fri, Oct 26, 2007 at 01:30:52PM +0200, Miklos Szeredi wrote:
> On Thu, 2007-10-25 at 23:40 -0700, jjohansen@xxxxxxx wrote:
> > plain text document attachment (file-handle-ops.diff)
> > Struct iattr already contains ia_file since commit cc4e69de from 
> > Miklos (which is related to commit befc649c). Use this to pass
> > struct file down the setattr hooks. This allows LSMs to distinguish
> > operations on file descriptors from operations on paths.
> 
> There's a slight problem (other than HCH not liking it) with this
> approach of passing the open file in iattr:  for special files, the
> struct file pointer makes no sense to the filesystem, since it is always
> opened by the generic functions.
> 
true

> This wasn't a problem with ftruncate(), because that one only works on
> regular files, but fchmod/fchown/futimes will work on special files as
> well, and the filesystem interpreting file->private_data could cause
> nasty bugs. 
> 
> So I think the correct solution (which was suggested by Trond and
> others) is to define an f_op->fsetattr() method, which interested
> filesystems can define.
> 
yeah that does sound like the way to go, thank Miklos

regards
john

Attachment: pgp00000.pgp
Description: PGP signature