ACL check in elog_check_access?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Jun 18 16:11:58 GMT 2008
On Wed, Jun 18, 2008 at 10:37:45AM -0500, Gerald (Jerry) Carter wrote:
> > Hmmm. Okay. How about the following: Open the tdb file using
> > open(2) as normal user and then as needed open the tdb file
> > using tdb_open as root if the open(2) succeeded on demand.
> > If anyone closes the handle you would have to tdb_close the
> > root-opened tdb file as well because fcntl locks would be
> > lost. But an on-demand re-open would solve this.
>
> That might work but you still need the se_access_check() to
> remember the granted access_mask. Can you explain what problem
> you are trying to solve? It's been a while since I looked at
> that code in detail.
No particular problem. It just looked weird to me to do file
access checks in user space, and I wanted to understand what
is going on.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080618/ee73327f/attachment.bin
More information about the samba-technical
mailing list