On Wed, 2007-08-15 at 13:22 -0400, Kyle Moffett wrote: > On Aug 15, 2007, at 13:09:31, Marc Perkel wrote: > > The idea is that people have permissions - not files. By people I > > mean users, groups, managers, applications > > etc. One might even specify that there are no permission > > restrictions at all. Part of the process would be that the kernel > > load what code it will use for the permission system. It might even > > be a little perl script you write. > > > > Also - you aren't even giving permission to access files. It's > > permission to access name patterns. One could apply REGEX masks to > > names to determine permissions. So if you have permission to the > > name you have permission to the file. > > Please excuse me, I'm going to go stand over in the corner for a minute. > > *hahahahahaa hahahahahaaa hahaa hoo hee snicker sniff* > > *wanders back into the conversation* > > Sorry about that, pardon me. > > I suspect you will find it somewhat hard to convince *anybody* on > this list to put either a regex engine or a Perl interpreter into the > kernel. I doubt you could even get a simple shell-style pattern > matcher in. First of all, both of the former chew up enormous gobs > of stack space *AND* they're NP-complete. You just can't do such > matching even in polynomial time, let alone something that scales > appropriately for an OS kernel like, say, O(log(n)).
Already been done. Take a look at "AppArmor" aka "Immunix". - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
