Re: A Comment from User Space

• Previous message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• In reply to: David Wagner: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Next in thread: jmjonesat_private: "Re: A Comment from User Space"
• Reply: David Wagner: "Re: A Comment from User Space"
• Reply: Greg KH: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 23 Apr 2001 23:41:32 BST, dawat_private (David Wagner)  said:
> You seem to have some misconceptions about how kernel code works.
> For starters, errno is a purely user-space construction.  In the kernel,
> a syscall returns, e.g., -EPERM to indicate a permission error; then
> user-level libc wrappers change this into errno=EPERM, retval=-1.
 
> If you want to add a global kernel variable that holds the most recent
> error, and you want to add a getlatesterror() syscall (or /proc entry,
> or ioctl, or whatever the best interface is), feel free to do so in
> your module.  I don't want this in my module.  And, I'm not convinced
> this is even a good idea.  For instance, this is not thread-safe.

And as I've said several times, modules that don't want to do it will
just provide a null-stub and not do it...

> For these reasons, I don't think this proposal is mature enough to
> merit inclusion in the general kernel patch (as opposed to your favorite
> policy module).  And since it doesn't need to be in the general kernel
> patch -- since it can be handled by policy modules -- maybe we should
> leave it out of the general kernel patch.  Agreed?

I'll meet you half-way on this one - I admit doing most of my coding
over on the userland side of the fence, and I don't really care if
it's actually implemented in the kernel patch or not.  So...

As long as we define an API, and have at least *some* hand-waving
of "a module could do this-or-that to provide it", I'll shut up
about the exact implementation.

My requirement is "the LSM interface needs the moral equivalent
of the PAM pam_strerror() routine", and that I know that if I
get an EPERM error in errno, that calling lsm_perror() will:

a) be guaranteed to be there (even if only as a stub)
b) Return either a more detailed description than EPERM or 'no further info'.

/Valdis

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: David Wagner: "Re: A Comment from User Space"
• Previous message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• In reply to: David Wagner: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Next in thread: jmjonesat_private: "Re: A Comment from User Space"
• Reply: David Wagner: "Re: A Comment from User Space"
• Reply: Greg KH: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 19:35:56 PDT