[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dazuko-devel] dazukofs and /dev/dazukofs.ign

From: Frantisek Hrbata
Subject: Re: [Dazuko-devel] dazukofs and /dev/dazukofs.ign
Date: Fri, 20 Feb 2009 12:01:23 +0100

On Fri, 20 Feb 2009 11:53:28 +0100
Lino Sanfilippo <address@hidden> wrote:


> To be honest, I dont see the reason to handle process ignoring within 
> the kernel at all,
> (as well as the group handling).
> Those are things that should IMHO be done in userspace (maybe by
> a daemon at which application can register for file accesses or
> trust. This daemon could
> be the ONLY allowed application to communicate with dazuko).
> There may be applications that would like to handle process trusting
> and group handling
> in a totally different way (i.e by using config files that specify
> which applications to
> consider as trusted, or using certificates or another authorization 
> scheme to allow trusts).
> It would also make the kernel code less complex without the 
> group/ignoring implementation,
> and thus a lot more stable.
> Greetings,
> Lino Sanfilippo

Yes, I have the same opinion. That is why there is no group support in
avflt and till the version 0.4 there was also not "trusted frawork".
But as I wrote, it is needed when scanning is done in a different
process then process accepting kernel events(deadlock).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]