On 8/28/07, Erik Mouw <mouw@xxxxxxxxxxxx> wrote:
> On Mon, Aug 27, 2007 at 01:39:31PM -0400, Michael B Allen wrote:
> > I would like to write a module that it seems to me is somewhat simple so
> > I would like to know if such a thing already exists or if my understanding
> > of the problem is perhaps warped.
>
> [security policy description]
>
> > Is anyone aware of something like this that I can start from?
>
> Sounds like SELinux already can do what you want.

Hi Erik,

I thought about SELinux but I dismissed it because it didn't seem like the right solution. But if you think it could work, I want to know more.

Specifically, what is the access check that can determine if a process is a descendant of another process? There would need to be some code that walks up the process tree. Does policy have to be set by root or before the application starts or is there a C API that can be called by a library to create an SELinux policy at runtime?

If the process is not a descendant I want the open(2) to still succeed but just return a new storage (file). I suppose I can work around that in userspace code but I would need to be able to set policy at runtime.

Also, I've been searching around for some good SELinux documentation with limited success. Can you recommend something?

Thanks,
Mike

>
> Erik
>
> --
> They're all fools. Don't worry. Darwin may be slow, but he'll
> eventually get them. -- Matthew Lammers in alt.sysadmin.recovery
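The process-tree walk the message asks about, sketched in user space as an added example that is not part of the original thread and is not SELinux or kernel code. The names `proc_ppid`, `sample_ppid` and `is_descendant` are hypothetical, and the sample tree is constructed. A `/proc` walk is racy (PIDs can be reused, and an orphaned process is reparented, which drops its original ancestry), so it illustrates the check but does not enforce anything.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Lookup callback: returns the parent PID of pid, or -1 if unknown. */
typedef pid_t (*ppid_fn)(pid_t pid);

/* Linux procfs lookup: parse the "PPid:" field of /proc/<pid>/status. */
pid_t proc_ppid(pid_t pid) {
    char path[64], line[256];
    int ppid = -1;
    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;              /* process gone or procfs not mounted */
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "PPid: %d", &ppid) == 1) break;
    fclose(f);
    return (pid_t)ppid;
}

/* Constructed sample tree: 1 <- 100 <- 200 <- 300, and 1 <- 400. */
pid_t sample_ppid(pid_t pid) {
    static const int tree[][2] = {{1, 0}, {100, 1}, {200, 100}, {300, 200}, {400, 1}};
    for (size_t i = 0; i < sizeof tree / sizeof tree[0]; i++)
        if (tree[i][0] == pid) return (pid_t)tree[i][1];
    return -1;
}

/* Returns 1 if ancestor is a proper ancestor of pid, 0 if the walk reaches
 * the root without meeting it, -1 if a lookup fails or the walk is too long. */
int is_descendant(pid_t pid, pid_t ancestor, ppid_fn get_ppid) {
    if (pid <= 0 || ancestor <= 0) return -1;
    for (int hops = 0; hops < 4096; hops++) {   /* bound the walk */
        pid_t parent = get_ppid(pid);
        if (parent < 0) return -1;              /* fail closed on error */
        if (parent == ancestor) return 1;
        if (parent == 0) return 0;              /* reached the top of the tree */
        pid = parent;
    }
    return -1;
}

int main(void) {
    printf("sample: 300 under 100? %d\n", is_descendant(300, 100, sample_ppid));
    printf("live: self under parent? %d\n", is_descendant(getpid(), getppid(), proc_ppid));
    return 0;
}
```

A caller making an access decision should treat `-1` the same as "not a descendant".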