Dazuko is a kludge
Posted Oct 23, 2006 18:21 UTC (Mon) by bluefoxicy
Parent article: Critical Linux security API is still a kludge (Inquirer)
Dazuko is nice but it's honestly a kludge. The new FUSE API will include a "Filter" file system which allows the FUSE module to read underneath itself-- and see what it's mounted over. Using this functionality, file-level access control can be implemented exactly as with Dazuko; but so much more, like compression and encryption and new APIs, can also be placed by skilled programmers.
Because FUSE acts just like kernel code, blocking until it does its work, you can modify or block access to files. You can tell the calling process the file is owned by another user, or just isn't allowed to be opened for no real reason at all besides that you say so. Once filtering is added, the entire functionality of Dazuko will fall right under the FUSE API.
to post comments)