On Tue, 18 Apr 2006, Alan Cox wrote:
Subject: Re: [Fireflier-devel] Re: [RESEND][RFC][PATCH 2/7] implementationof
LSM hooks
On Maw, 2006-04-18 at 23:13 +0300, Török Edwin wrote:
In the current version we intended to use mountpoint+inode to identify
programs. This reduces the potential problems from your list to: fd passing.
Inode numbers are not constant on all file systems unless the file is
currently open. That is a pain in the butt when you want to describe a
file as well but it is how things work out.
could you take an approach similar to git, store the length and a hash of
the first X amount of the file (for good performance say the first block,
for best security say the entire file)? is there a hash that's cheap
enough to calculate that this is reasonable? (although it would end up
trashing the cpu cache in any case, loosing a bunch of the benifits of
DMA)
David Lang
--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]