On 1/16/2024 12:47 AM, Roberto Sassu wrote: > On Mon, 2024-01-15 at 19:15 +0000, Al Viro wrote: >> On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: >>> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> >>> >>> In preparation for moving IMA and EVM to the LSM infrastructure, introduce >>> the file_release hook. >>> >>> IMA calculates at file close the new digest of the file content and writes >>> it to security.ima, so that appraisal at next file access succeeds. >>> >>> An LSM could implement an exclusive access scheme for files, only allowing >>> access to files that have no references. >> Elaborate that last part, please. > Apologies, I didn't understand that either. Casey? Just a hypothetical notion that if an LSM wanted to implement an exclusive access scheme it might find the proposed hook helpful. I don't have any plan to create such a scheme, nor do I think that a file_release hook would be the only thing you'd need. > > Thanks > > Roberto >
