florian.lissandres wrote: > I have another (last?) problem. I'm looking for the function which protect > the "file execute" and "file getattr" authorization.
"file execute" is permission for execve(), and LSM hook for this permission is tomoyo_bprm_check_security() in security/tomoyo/tomoyo.c . "file getattr" is permission for stat(), and LSM hook for this permission is tomoyo_inode_getattr() in the same file. > All others authorizations likes "create", "mkdir", "mkfifo", "mksock", > "ioctl", "chmod", "chown", "chgrp"...are clearly protected by a function > (tomoyo_path_number_perm for those authorizations) related to one or > severall LSM hook. Depending on whether pathname and/or numeric arguments are passed or not, several functions are defined. tomoyo_path_perm() is for one pathname, tomoyo_path2_perm() is for two pathnames, tomoyo_path_number_perm() is for one pathname and one number etc. (But in CaitSith, this distinction was removed because some users may not want to check all of these mandatory arguments.) Regards. _______________________________________________ tomoyo-users-en mailing list [email protected] http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
