ACL check in elog_check_access?

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jun 18 16:11:58 GMT 2008

On Wed, Jun 18, 2008 at 10:37:45AM -0500, Gerald (Jerry) Carter wrote:
> > Hmmm. Okay. How about the following: Open the tdb file using
> > open(2) as normal user and then as needed open the tdb file
> > using tdb_open as root if the open(2) succeeded on demand.
> > If anyone closes the handle you would have to tdb_close the
> > root-opened tdb file as well because fcntl locks would be
> > lost. But an on-demand re-open would solve this.
> That might work but you still need the se_access_check() to
> remember the granted access_mask.  Can you explain what problem
> you are trying to solve?  It's been a while since I looked at
> that code in detail.

No particular problem. It just looked weird to me to do file
access checks in user space, and I wanted to understand what
is going on.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list