Hello.

Can I read the archive of the discussion of this topic from the beginning? I felt that this topic might be an opportunity to propose my execute handler approach.

In TOMOYO LSM (out of tree version), the administrator can specify a program called an execute handler, which should be executed on behalf of a program requested by execve(). The specified program performs validation (e.g. whether argv[]/envp[] are appropriate) and setup (e.g. redirecting file handles) before executing the program requested by execve().

Conceptually, an execute handler is something like

    #!/bin/sh
    test ... || exit 1
    test ... || exit 1
    test ... || exit 1
    exec ...

which would in practice be implemented using C like https://osdn.net/projects/tomoyo/scm/svn/blobs/head/tags/ccs-tools/1.8.5p1/usr_lib_ccs/audit-exec-param.c .

It is not difficult to implement the kernel side as well.

Regards.
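
The validate, set up, then exec flow sketched in the message above, written out as a small C program. This is an added example, not part of the original message and not TOMOYO's audit-exec-param.c; the calling convention (`handler <target-path> <target-argv...>`), the denied-variable list and the argument checks are assumptions chosen for illustration.

```c
/* Added example: user-space execute handler sketch (not TOMOYO's code).
 * Assumed convention: handler <target-path> <target-argv[0]> [args...] */
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Constructed policy: loader variables that must never reach the target. */
static const char *const deny_env[] = {
    "LD_PRELOAD=", "LD_LIBRARY_PATH=", "LD_AUDIT=", NULL
};

/* Return 1 if every argument is bounded and has no control characters. */
int argv_ok(char *const argv[])
{
    for (int i = 0; argv[i]; i++) {
        if (strlen(argv[i]) > 4096)
            return 0;
        for (const unsigned char *p = (const unsigned char *)argv[i]; *p; p++)
            if (iscntrl(*p))
                return 0;
    }
    return 1;
}

/* Return 1 if no denied variable is present in envp. */
int envp_ok(char *const envp[])
{
    for (int i = 0; envp[i]; i++)
        for (int j = 0; deny_env[j]; j++)
            if (!strncmp(envp[i], deny_env[j], strlen(deny_env[j])))
                return 0;
    return 1;
}

int main(int argc, char *argv[])
{
    /* Validation: the "test ... || exit 1" lines of the sketch. */
    if (argc < 3 || argv[1][0] != '/' || !argv_ok(argv + 2) || !envp_ok(environ))
        return 1;
    /* Setup: redirect stdin to /dev/null before handing over control. */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0 || dup2(fd, STDIN_FILENO) < 0)
        return 1;
    if (fd != STDIN_FILENO)
        close(fd);
    execve(argv[1], argv + 2, environ);   /* the final "exec ..." line */
    perror("execve");
    return 1;
}
```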