Re: [Dazuko-devel] dazukofs and /dev/dazukofs.ign
From: Frantisek Hrbata
Subject: Re: [Dazuko-devel] dazukofs and /dev/dazukofs.ign
Date: Fri, 20 Feb 2009 12:01:23 +0100
On Fri, 20 Feb 2009 11:53:28 +0100
Lino Sanfilippo <address@hidden> wrote:
<snip>
> To be honest, I don't see the reason to handle process ignoring within
> the kernel at all (as well as the group handling).
> Those are things that should IMHO be done in userspace (maybe by
> a daemon at which applications can register for file accesses or
> trust. This daemon could be the ONLY allowed application to
> communicate with dazuko).
> There may be applications that would like to handle process trusting
> and group handling in a totally different way (i.e. by using config
> files that specify which applications to consider as trusted, or using
> certificates or another authorization scheme to allow trusts).
>
> It would also make the kernel code less complex without the
> group/ignoring implementation, and thus a lot more stable.
>
> Greetings,
> Lino Sanfilippo
Yes, I have the same opinion. That is why there is no group support in
avflt and till version 0.4 there was also no "trusted framework".
But as I wrote, it is needed when scanning is done in a different
process than the process accepting kernel events (deadlock).
-FH