On 2008-11-07, Lino Sanfilippo <[EMAIL PROTECTED]> wrote: > would it make sense to you to extend the dazukofs.ign device in a > way that a process is able to register other processes (i.e. by > writing their pid to it)? I think that could be useful for > applications that use a single process to manage the access > permissions of other applications/processes.
I agree that it could be useful, but PID's are not very secure. The Dazuko 2.x method of allowing child-processes to be trusted is probably a better way to go. I suppose writing something to the dazukofs.ign device could be used to interpret if children should be ignored or not. However, that is quite an expensive feature. For every file access, Dazuko(FS) must go through the list of ignored processes and check if the accessing process is a child of that process. I am worried that dazukofs.ign will become the "rule" instead of the "exception" for application developers. This is not something that we should encourage. I need to let this thought sit on my brain for a little while. Anyone else have comments on this? John Ogness -- Dazuko Maintainer _______________________________________________ Dazuko-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/dazuko-devel
