ACL check in elog_check_access?

Gerald (Jerry) Carter jerry at
Wed Jun 18 15:37:45 GMT 2008

Hash: SHA1


> On Wed, Jun 18, 2008 at 09:22:48AM -0500, Gerald (Jerry) Carter wrote:
>> A client may have multiple open handles and in some cases
>> multiple users may open the event log so opening as root and
>> maintaining a ref count was the only way I could thing of to
>> service multiple access lvls concurrently in the same process.
> Hmmm. Okay. How about the following: Open the tdb file using
> open(2) as normal user and then as needed open the tdb file
> using tdb_open as root if the open(2) succeeded on demand.
> If anyone closes the handle you would have to tdb_close the
> root-opened tdb file as well because fcntl locks would be
> lost. But an on-demand re-open would solve this.

That might work but you still need the se_access_check() to
remember the granted access_mask.  Can you explain what problem
you are trying to solve?  It's been a while since I looked at
that code in detail.

cheers, jerry
- --
Samba                                    -------
Likewise Software          ---------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list