[RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
David Howells
dhowells at redhat.com
Wed Jun 12 08:55:02 UTC 2019
Stephen Smalley <sds at tycho.nsa.gov> wrote:
> 2) If notifications can be triggered by read-like operations (as in fanotify,
> for example), then a "read" can be turned into a "write" flow through a
> notification.
I don't think any of the things can be classed as "read-like" operations. At
the moment, there are the following groups:
(1) Addition of objects (eg. key_link, mount).
(2) Modifications to things (eg. keyctl_write, remount).
(3) Removal of objects (eg. key_unlink, unmount, fput+FMODE_NEED_UNMOUNT).
(4) I/O or hardware errors (eg. USB device add/remove, EDQUOT, ENOSPC).
I have not currently defined any access events.
I've been looking at the possibility of having epoll generate events this way,
but that's not as straightforward as I'd hoped and fanotify could potentially
use it also, but in both those cases, the process is already getting the
events currently by watching for them using synchronous waiting syscalls.
Instead this would generate an event to say it had happened.
David
More information about the Linux-security-module-archive
mailing list