Re: A Comment from User Space

From: Greg KH (gregat_private)
Date: Tue Apr 24 2001 - 13:52:24 PDT


    On Tue, Apr 24, 2001 at 03:10:23PM -0400, Stephen Smalley wrote:
    > 
    > On 24 Apr 2001, David Wagner wrote:
    > 
    > > Well, using a /proc interface takes at worst only two syscalls:
    > >   fd = open("/proc/subdomain", O_RDWR);
    > >   write(fd, "change_hat foo_perm ...", ...);
    > > If you cache the fd, it takes only one syscall.  So, while I cannot
    > > guarantee that it will be fast enough for your purposes, I would expect
    > > that it most likely is about as good as a syscall.  Without measurements
    > > to the contrary, I would expect a difficult time getting acceptance
    > > from linux-kernel residents (although that's just a guess).
    > 
    > Why is such an approach preferable to reserving an actual
    > system call for use by security modules?  Since Linus is 
    > willing to consider accepting security hooks into the kernel,
    > it doesn't seem unreasonable to request that a system call
    > be reserved for such use.  If implementing system calls
    > via pseudo file systems is the way to go, then why
    > aren't the kernel developers migrating most of the 
    > existing system calls to such an approach?  I would suggest
    > that we make the attempt to gain acceptance for a reserved
    > call, and fall back to using pseudo file systems only if our
    > request is rejected.
    
    Current syscalls are not being migrated to the pseudo file system
    interface, as that breaks too many things.  But new things are being
    "encouraged" to use this interface.  Look at the shared memory
    interface in 2.4.x for example.
    
    I agree with David on this one, I _much_ prefer to have the individual
    modules expose their own filesystem through either the /proc interface,
    or just through their own mountable filesystem.  Much more flexible, and
    I don't think any slower in the end (I'll argue that SubDomain's current
    syscall can be done using this interface also.)
    
    However I know the need of some people to want syscalls, so I think if we
    grab 5 that should keep everyone happy.  Or should we just overload the
    current syscalls that deal with capabilities?
    
    greg k-h
    (remember, everything can be a filesystem...)
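
The thread turns on whether a control-file write with a cached descriptor costs about the same as a dedicated syscall, and notes that nobody has measured it. The micro-benchmark below is an added example, not code from the thread or from SubDomain. It assumes `/dev/null` as a stand-in for the control file and `getppid()` as a stand-in for a reserved syscall, so it measures kernel entry and VFS overhead only, not a real module's handler.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Assumption: /dev/null stands in for the thread's /proc/subdomain file. */
#define CTL_PATH "/dev/null"
static const char CMD[] = "change_hat foo_perm"; /* constructed request */
#define CMD_LEN ((ssize_t)(sizeof CMD - 1))
static double now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1e9 + ts.tv_nsec;
}
/* Uncached: open + write per request, plus close so descriptors do not leak. */
double bench_open_each(int iters) {
    double t0 = now_ns();
    for (int i = 0; i < iters; i++) {
        int fd = open(CTL_PATH, O_RDWR);
        if (fd < 0) return -1.0;
        ssize_t n = write(fd, CMD, (size_t)CMD_LEN);
        close(fd);
        if (n != CMD_LEN) return -1.0;
    }
    return (now_ns() - t0) / iters;
}
/* Cached descriptor: a single write per request. */
double bench_cached_fd(int iters) {
    int fd = open(CTL_PATH, O_RDWR);
    ssize_t n = CMD_LEN;
    if (fd < 0) return -1.0;
    double t0 = now_ns();
    for (int i = 0; i < iters && n == CMD_LEN; i++) n = write(fd, CMD, (size_t)CMD_LEN);
    double per = (now_ns() - t0) / iters;
    close(fd);
    return n == CMD_LEN ? per : -1.0;
}
/* Baseline: getppid() as a minimal real syscall, standing in for a reserved one. */
double bench_bare_syscall(int iters) {
    double t0 = now_ns();
    for (int i = 0; i < iters; i++) (void)getppid();
    return (now_ns() - t0) / iters;
}
int main(void) {
    int n = 200000;
    printf("open+write+close %.0f ns  cached write %.0f ns  getppid %.0f ns\n",
           bench_open_each(n), bench_cached_fd(n), bench_bare_syscall(n));
}
```

Each function returns nanoseconds per request, or -1.0 if the open or write failed. A process that caches a descriptor to a security control file also has to decide whether children may inherit it across `fork` and `exec`.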
    
    
    


