Frantisek Hrbata wrote: > I have prepared the Dazuko Filter patch for Dazuko 2.2.0. Could you please > check it?
Hi, I looked at the patch. It should work ok, but there are some things I want the RedirFS integration to be a bit differently (so that it is more efficient). The integration should be similar to the RSBAC integration. Since this would result in a lot of copy/paste code, I will think about a way to restructure the code so that this does not happen. (After all, Linux support should only be implemented once.) I also don't want to patch dazuko_core.c with RedirFS-specific code. Dazuko_Core is a cross platform layer that shouldn't include such ifdef's. However, I need to add hooks to the core, so that include/exclude paths can be handled by external modules. All of this shouldn't be too much work and will result in a cleaner support for RedirFS. Until then, the patch looks like it would work just fine. One comment about RedirFS for Dazuko: In your paper on RedirFS you described that the PID of the priveledged app must be provided to the kernel module. Since Dazuko has its own mechanism to provide these checks (dynamically at runtime), it would be helpful if RedirFS would allow filters to decide who is allowed and who is not. This is actually not so simple because you probably don't want to trust filters at that level. But it's just something to think about. I will keep you posted with my work about integrating RedirFS into the official Dazuko branch. John Ogness -- Dazuko Maintainer _______________________________________________ Dazuko-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/dazuko-devel
