Peter Zijlstra wrote: > Like said, having the filesystem block actions based on external > processes seems just asking for trouble. I can't see anything wrong with that. In fact, moving policy into userland seems like the correct approach anyway. IOW, the fact that the kernel is dealing with policy all over the place is completely flawed. What we really need, is to take the hard-coded policy burden out of the kernel, and pipe all requests into dynamically configurable userland. Which implies a "Kernel Event Notification Subsystem" that would by default allow requests for root, and deny them for others, unless there is a userland daemon that would respond differently within a timeout period. Thanks! -- Al -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
