[OpenAFS-devel] OpenAFS Development
Alexander Boström
abo@kth.se
Mon, 28 Jun 2004 01:50:34 +0200
sön 2004-06-27 klockan 23.06 skrev Jack Neely:
> I like the idea that the Arla folks have
> used, first try a better system for pags, if that fails, fall back on
> hooking the sys_call_table.
Even if hooking the syscall table fails we can still put PAG information
in the groups field, but it will be lost if userland calls setgroups.
BTW, for Linux 2.6 Arla currently uses one group with a very large id to
store the PAG number instead of using two groups within the 16 bit
range. Good, bad?
> Is the LSM still worth looking at? Would it prove to other folks that
> we are trying in good faith to work toward a better system? I think the
> answer to both questions is the same. Hell, I'd run the code.
If the kernel developers agree that implementing PAGs through LSM is a
good idea then maybe we can get the right hooks into SELinux.
/abo