Re: A Comment from User Space

From: Valdis.Kletnieksat_private
Date: Mon Apr 23 2001 - 19:34:51 PDT

    On Mon, 23 Apr 2001 23:41:32 BST, dawat_private (David Wagner)  said:
    > You seem to have some misconceptions about how kernel code works.
    > For starters, errno is a purely user-space construction.  In the kernel,
    > a syscall returns, e.g., -EPERM to indicate a permission error; then
    > user-level libc wrappers change this into errno=EPERM, retval=-1.
     
    > If you want to add a global kernel variable that holds the most recent
    > error, and you want to add a getlatesterror() syscall (or /proc entry,
    > or ioctl, or whatever the best interface is), feel free to do so in
    > your module.  I don't want this in my module.  And, I'm not convinced
    > this is even a good idea.  For instance, this is not thread-safe.
    
    And as I've said several times, modules that don't want to do it will
    just provide a null-stub and not do it...
    
    > For these reasons, I don't think this proposal is mature enough to
    > merit inclusion in the general kernel patch (as opposed to your favorite
    > policy module).  And since it doesn't need to be in the general kernel
    > patch -- since it can be handled by policy modules -- maybe we should
    > leave it out of the general kernel patch.  Agreed?
    
    I'll meet you half-way on this one - I admit doing most of my coding
    over on the userland side of the fence, and I don't really care if
    it's actually implemented in the kernel patch or not.  So...
    
    As long as we define an API, and have at least *some* hand-waving
    of "a module could do this-or-that to provide it", I'll shut up
    about the exact implementation.
    
    My requirement is "the LSM interface needs the moral equivalent
    of the PAM pam_strerror() routine", and that I know that if I
    get an EPERM error in errno, that calling lsm_perror() will:
    
    a) be guaranteed to be there (even if only as a stub)
    b) Return either a more detailed description than EPERM or 'no further info'.
    
    /Valdis
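
The errno convention and the always-present lookup discussed in this message, as an added user-space C sketch that is not part of the original message or of any LSM patch. Only the name lsm_perror() comes from the message; its signature, sim_sys_open(), wrap_open(), module_detail(), lsm_set_detail_hook() and the sample path and text are assumptions made up for illustration, and the per-thread slot is one possible answer to the thread-safety objection.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hook type: a policy module supplies one, or leaves it NULL. */
typedef const char *(*lsm_detail_fn)(void);
static lsm_detail_fn detail_hook;              /* NULL models the null stub */

/* One slot per thread: a single shared global could be overwritten by
 * another thread between the failing call and the lookup. */
static _Thread_local const char *last_detail;

/* Stand-in for a syscall: kernel convention, 0 or a negative errno value. */
long sim_sys_open(const char *path)
{
    last_detail = NULL;
    if (strcmp(path, "/constructed/denied") == 0) {   /* constructed path */
        last_detail = "constructed policy: caller domain may not open this file";
        return -EPERM;
    }
    return 0;
}

/* What a libc wrapper does: negative return becomes errno plus -1. */
int wrap_open(const char *path)
{
    long ret = sim_sys_open(path);
    if (ret < 0) { errno = (int)-ret; return -1; }
    return 0;
}

/* A module that chooses to report detail would register this. */
const char *module_detail(void) { return last_detail; }
void lsm_set_detail_hook(lsm_detail_fn fn) { detail_hook = fn; }

/* Always callable: detail when the module has some, else a fixed string. */
const char *lsm_perror(void)
{
    const char *detail = detail_hook ? detail_hook() : NULL;
    return detail ? detail : "no further info";
}

int main(void)
{
    lsm_set_detail_hook(module_detail);
    if (wrap_open("/constructed/denied") == -1)
        printf("%s: %s\n", strerror(errno), lsm_perror());
    return 0;
}
```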
    