On 8/29/07, someone wrote:
> SELinux by example. Written by the guys who contributed a large chunk
> of code for SELinux policy development.

Actually I have ruled out SELinux. It doesn't really do anything that
I want. The Linux keyring code is closer but it currently does not
have the desired access control methods.

What I want is a device file that anyone can open but cannot read or
write from until they do a special ioctl. The ioctl iterates over a
list of "storages" that have certain attributes. The attributes are
compared with the calling process's (e.g. pid or pid of ancestors or
whatever other information that storage's access control method
requires) to determine if that process is granted access to that
storage. If no suitable storage is found, a new empty one is created,
programmed with the desired access control attributes and the ioctl
returns success.

AFAICT SELinux would not be able to emulate this (also, quite frankly,
SELinux is just too hard to customize). I'm still looking at Linux
keyring.

Mike
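The lookup Mike describes, modelled in user space as an added example (this is not his code and not a kernel module): each storage carries an access-control attribute, the caller is represented by its pid chain, and the "ioctl" returns the first storage whose method grants the caller or creates a new empty one. The method names, the attribute layout and the rule that an ancestor-keyed storage is bound to the caller's parent are all assumptions.

```c
/* Added example, not the original poster's code: user-space model of the
 * "find a storage whose access-control attributes match the caller, else
 * create one" ioctl. Method and attribute names are assumptions. */
#include <stddef.h>
#include <string.h>
#define MAX_STORAGES 8
/* AC_PID: exact pid match. AC_ANCESTOR_PID: pid anywhere in the chain. */
enum ac_method { AC_PID = 0, AC_ANCESTOR_PID = 1 };
struct storage {
    enum ac_method method;
    int pid;          /* pid the method is compared against */
    char data[64];    /* protected contents, empty on creation */
};

static struct storage storages[MAX_STORAGES];
static size_t nstorages;
static int storage_grants(const struct storage *s, const int *chain, size_t depth)
{
    size_t i;
    if (s->method == AC_PID)
        return depth > 0 && chain[0] == s->pid;
    for (i = 0; i < depth; i++)
        if (chain[i] == s->pid)
            return 1;
    return 0;
}
/* Model of the ioctl: chain[0] is the calling pid, chain[1..] its ancestors.
 * Returns the index of the granted storage; if none matches, creates a new
 * empty one bound to the caller (own pid, or parent pid for AC_ANCESTOR_PID);
 * -1 when the list is full or the chain is empty. */
int attach_storage(const int *chain, size_t depth, enum ac_method want)
{
    size_t i;
    for (i = 0; i < nstorages; i++)
        if (storage_grants(&storages[i], chain, depth))
            return (int)i;
    if (nstorages == MAX_STORAGES || depth == 0)
        return -1;
    memset(&storages[nstorages], 0, sizeof storages[nstorages]);
    storages[nstorages].method = want;
    storages[nstorages].pid = (want == AC_ANCESTOR_PID && depth > 1) ? chain[1] : chain[0];
    return (int)nstorages++;
}
/* Convenience wrapper for a three-level chain (pid, parent, grandparent). */
int attach3(int pid, int ppid, int gppid, enum ac_method want)
{
    int chain[3] = { pid, ppid, gppid };
    return attach_storage(chain, 3, want);
}
```

A process that shares the ancestor named by an AC_ANCESTOR_PID storage is granted that storage; any other caller gets a fresh, empty one, so storages never leak across unrelated process trees.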

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to [EMAIL PROTECTED]
Please read the FAQ at http://kernelnewbies.org/FAQ