On Tue, 2009-09-22 at 09:56 -0400, Christoph Hellwig wrote: > On Sun, Sep 20, 2009 at 09:30:48PM -0400, Eric Paris wrote: > > This new acc_mode flag is just to tell the security system this inode > > permission check is from the access system call. The security system can > > use this information as it finds appropriete. In particular SELinux plans to > > use this flag to alter what we choose to audit and what we do not choose to > > audit. > > I think you're better off splitting the existing MAY_ACCESS flag and > only using MAY_ACCESS for calles from access() insteaf of introducing > a FROM_ACCESS flag and causing lots of naming confusion. What would you think of a new, MUST_REVALIDATE_PERMS which will do what MAY_ACCESS does today. MAY_ACCESS would be just for access(2) and would be the flag that I use for SELinux? -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
