On Tue, Jan 25 2005, Elias da Silva wrote: > On Tuesday 25 January 2005 13:45, you wrote: > [snip] > : If I'm not mistaken, Peter Jones has posted a few iterations of such an > : fs some months ago. > > Thank you. I will check this... > > : > Do we have a clear understanding that this fs would only > : > be a benefit if *All* the different ways to access the device would > : > use the same policy enforcement and consistently allow or > : > disallow certain operations regardless of the access method? > : > : The command restriction table _only_ works through the SG_IO path, which > : does include CDROM_SEND_PACKET as well since it is layered on top of > : SG_IO. It doesn't control various driver ioctl exported interfaces, they > : would need to add a callback to verify_command() for permission checks. > > Hmm... what exactly does that mean? Who is ment by "_they_ would need..."?
It refers back to 'various driver ioctl' earlier, so it refers to the driver itself. -- Jens Axboe - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
