On Fri, 20 Feb 2009 11:53:28 +0100 Lino Sanfilippo <[email protected]> wrote:
<snip>

> To be honest, I don't see the reason to handle process ignoring within
> the kernel at all
> (as well as the group handling).
> Those are things that should IMHO be done in userspace (maybe by
> a daemon at which applications can register for file accesses or
> trust. This daemon could
> be the ONLY allowed application to communicate with dazuko).
> There may be applications that would like to handle process trusting
> and group handling
> in a totally different way (i.e. by using config files that specify
> which applications to
> consider as trusted, or using certificates or another authorization
> scheme to allow trusts).
>
> It would also make the kernel code less complex without the
> group/ignoring implementation,
> and thus a lot more stable.
>
> Greetings,
> Lino Sanfilippo

Yes, I have the same opinion. That is why there is no group support in avflt, and until version 0.4 there was also no "trusted framework". But as I wrote, it is needed when scanning is done in a different process than the process accepting kernel events (deadlock).

-FH
