Re: Some feedback on the hooks

From: Chris Wright (chrisat_private)
Date: Wed May 09 2001 - 18:35:10 PDT

  • Next message: Chris Wright: "2001_05_09 patch against 2.4.4"

    * Stephen Smalley (sdsat_private) wrote:
    > 
    > I've attached a patch that addresses a few of my earlier comments
    > and some other items.  Specifically, it implements additional calls to the
    > ptrace hook in the ptrace system call (in the non-TRACEME case) and for
    > attempts to access /proc/PID/mem files.  It also relocates the
    > call to the setattr hook so that it is always invoked, even
    > if the inode does not define its own setattr operation.  It
    > adds a s_security field to struct super_block for file system
    > security attributes.  Finally, it adds security.o to the export-objs
    > in the kernel Makefile so that register_security and unregister_security
    > are properly exported for modules.
    
    Stephen, thanks for the patch.  I've incorporated all your changes.  I'd
    still like to get cap_issubset and capable out of ptrace.c, but one step at
    a time ;-)  The super_block blob is in there, but I didn't update the
    security interface much (just added a super_block_security_ops struct with
    (alloc_|free_)security.  What did you have in mind for the security checks?
    Just the super_operations stuff?  The dquot_operations also?
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed May 09 2001 - 18:36:36 PDT