>What would people think of a defined interface to allow the LSM to
>tell the application more than 'errno = EFASCIST; return', [...]
>
>"On an access error, the LSM will set the process external var 'errno'
>to EFASCIST, and fill in the structure pointed to by the user process
>'struct *lsm_opaque_data *sec_err_explain' (after checking that the
>pointer is non-NIL and in the address space and all that)".

My initial reaction is that, whatever you decide, LSMs should not be required to use this facility. If you want to build a LSM that requires this facility, I don't mind, but when I build the Janus-like LSM, I think I'd prefer not to be forced to mess with this.

Whether or not to return more detailed error messages looks an awful lot like policy, doesn't it?

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 11:56:56 PDT