On 23.06.2013 21:19, Bastian Blank wrote:
Can you please describe what this interface brings for our users? I only
see message by you and noone else.
Bastian
In many enterprise environment servers are only allowed to be installed
together with a software to scan for viruses.
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y allows to install virus scanning
software.
Fedora already has this setting
http://pkgs.fedoraproject.org/cgit/kernel.git/plain/config-generic
The setting enables the part of the fanotify API that is responsible for
file access control.
Only users having the CAP_SYS_ADMIN capability (typically only root) can
use the API.
A virus scanner analyzes files before they opened and disallows access
if a file content is deemed dangerous.
It has to interact with the opening process of files on kernel level.
Before the fanotify interface was introduced this required a special
kernel module to be compiled. Up to Linux kernel 2.6.34 this could be
implemented using the Dazuko stackable filesystem.
With CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y no special Kernel module is
needed.
As I believe in free software I want to be able to run completely free
virus scanning solution. I developed a solution based on the fanotify
interface ClamAV and packaged it for Debian. See
http://xypron.github.io/skyldav
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y will also allow to install existing
commercial solutions.
Best regards
Heinrich Schuchardt
--
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51cbd7cb.9060...@gmx.de
