The root PDF example is facetious, a competent security module could decline access to a file that could be re-written by a non-privileged user. Also it could deny read access, to files currently held open for Write by other users. Similarly, it could decline write access to files, that have open file descriptors held by other users, similar to the default file locking used by OS like VMS. SunOS 4 had a union type file system, that was COW, it was used as basis for a source code management system. That might also be an interesting approach, at price of losing POSIX filesystem semantics. Actually a COW filesystem, overlay for chroot-ed daemons, would allow hard-linking of most of the files, so it wouldn't just be useful when some kind of file scanning was intended.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds