Re: A Comment from User Space

From: Valdis.Kletnieksat_private
Date: Mon Apr 23 2001 - 12:04:28 PDT


    On Mon, 23 Apr 2001 18:54:38 BST, dawat_private (David Wagner)  said:
    > My initial reaction is that, whatever you decide, LSM's should not be
    > required to use this facility.  If you want to build a LSM that requires
    > this facility, I don't mind, but when I build the Janus-like LSM, I think
    > I'd prefer not to be forced to mess with this.  Whether or not to return
    > more detailed error messages looks an awful lot like policy, doesn't it?
    
    Well, I didn't say anything about what was in there, except maybe a
    cookie identifying the LSM.  Perhaps a flag field would be needed as well,
    
    #define SEC_NO_INFO  0x01
    #define SEC_PARTIAL_INFO 0x02
    #define SEC_DETAILED_INFO 0x04
    
    struct sec_error_return {
           int	LSM_ID_Cookie;
           int	LSM_detail_flag;
           union	{ /* intentionally unspecified, defined by LSM if it wants */
           };
    };
    
    or similar.  A given LSM would be required to fill in the cookie, and
    set the flag, and then be free to pass back whatever info it wanted to.
    
    So if a LSM wanted to be terse, it would just set errno, set SEC_NO_INFO,
    and go home.
    
    How do you feel about that?
    
    -- 
    				Valdis Kletnieks
    				Operating Systems Analyst
    				Virginia Tech
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
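Added example, not part of the original message or of any LSM code: a sketch of how a terse and a detailed LSM could fill in the proposed struct, and how a consumer would check the cookie and flag before touching the union. The cookie value DEMO_LSM_COOKIE, the union member "demo", and all three function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Flag values as posted in the message. */
#define SEC_NO_INFO       0x01
#define SEC_PARTIAL_INFO  0x02
#define SEC_DETAILED_INFO 0x04
#define DEMO_LSM_COOKIE   0x44454d4f  /* hypothetical cookie ("DEMO") */

struct sec_error_return {
    int LSM_ID_Cookie;
    int LSM_detail_flag;
    union {  /* layout is per-LSM; this member is an assumption */
        struct { int hook; char object[32]; } demo;
    } u;
};

/* Terse LSM: set errno, cookie and SEC_NO_INFO, nothing else. */
int terse_deny(struct sec_error_return *r) {
    memset(r, 0, sizeof *r);  /* no stale bytes reach the caller */
    r->LSM_ID_Cookie = DEMO_LSM_COOKIE;
    r->LSM_detail_flag = SEC_NO_INFO;
    errno = EACCES;
    return -1;
}

/* Detailed LSM: same header, plus its own union payload. */
int detailed_deny(struct sec_error_return *r, int hook, const char *obj) {
    memset(r, 0, sizeof *r);
    r->LSM_ID_Cookie = DEMO_LSM_COOKIE;
    r->LSM_detail_flag = SEC_DETAILED_INFO;
    r->u.demo.hook = hook;
    strncpy(r->u.demo.object, obj, sizeof r->u.demo.object - 1);
    errno = EACCES;
    return -1;
}

/* Consumer side: the union may be read only when the cookie names an
 * LSM whose layout we know AND that LSM said it filled the detail in. */
int can_read_demo_detail(const struct sec_error_return *r) {
    return r->LSM_ID_Cookie == DEMO_LSM_COOKIE &&
           r->LSM_detail_flag == SEC_DETAILED_INFO;
}

int main(void) {
    struct sec_error_return r;
    detailed_deny(&r, 7, "/tmp/example");  /* constructed sample values */
    if (can_read_demo_detail(&r))
        printf("hook %d denied on %s\n", r.u.demo.hook, r.u.demo.object);
    return 0;
}
```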


