Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > YES! I'm trying to decide if that's fervour or irritation at this point ;-) > And it would be really great if you put some thought into what > a rational model would be for UID based controls, too. I have put some thought into it, but I don't see a single rational model. It depends very much on the situation. In any case, that's what I was referring to when I said I might need to call inode_permission(). But UIDs don't exist for all filesystems, for example, and there are no UIDs on superblocks, mount objects or hardware events. Now, I could see that you ignore UIDs on things like keys and hardware-triggered events, but how does this interact with things like mount watches that see directories that have UIDs? Are you advocating making it such that process B can only see events triggered by process A if they have the same UID, for example? David
