Moving forward with SELinux, I have begun working with IPC. In order to make intelligent access decisions, LSM modules will likely need access to several of the kernel IPC structures. Currently some of these structures are not available externally. In particular:

    struct shmid_kernel is defined in ipc/shm.c
    struct msg_queue is defined in ipc/msg.c
    struct msg_msg is defined in ipc/msg.c

I am proposing that these structures (and dependencies) be moved into the appropriate header files (shm.h and msg.h), within '#ifdef __KERNEL__' tags. By doing this, the structures will be available to LSM modules. I will also be adding a security field (void *) to struct kern_ipc_perm and struct msg_msg.

I'm looking for opinions or alternatives. If there are no objections, I will do as I proposed and submit a patch in a couple days that incorporates this change, as well as some proposed LSM hook insertion points for IPC.

Note, there aren't any issues with semaphores, the appropriate structure (struct sem_array) is already available in include/linux/sem.h. This all appears to be part of the reorganization that occurred between the 2.2 and 2.4 kernels.

chris.
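Added example, not part of the original message and not kernel or SELinux code: a userspace C model of why a module needs both the structure definition and the proposed `void *security` field. The `*_model` structures are simplified stand-ins, and the hook names, the `ipc_label` type and the matching-label policy are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: simplified stand-ins for the kernel structures. */
struct ipc_perm_model {             /* models struct kern_ipc_perm */
    int key;
    unsigned int uid, gid;
    unsigned short mode;
    void *security;                 /* opaque blob owned by the security module */
};
struct msg_queue_model {            /* models struct msg_queue */
    struct ipc_perm_model q_perm;
    unsigned long q_qnum;           /* messages currently queued */
};

/* Hypothetical module-private label; core IPC code never looks inside it. */
struct ipc_label { unsigned int sid; };

/* Hypothetical hook: attach a label when the IPC object is created. */
int model_ipc_alloc_security(struct ipc_perm_model *perm, unsigned int creator_sid)
{
    struct ipc_label *l = malloc(sizeof(*l));
    if (!l)
        return -1;
    l->sid = creator_sid;
    perm->security = l;
    return 0;
}

/* Hypothetical hook: release the label when the object is destroyed. */
void model_ipc_free_security(struct ipc_perm_model *perm)
{
    free(perm->security);
    perm->security = NULL;
}

/* Hypothetical hook with a toy policy: allow only matching labels and fail
 * closed on an unlabeled object. Reaching q->q_perm.security compiles only
 * because the structure definition is visible to the module. */
int model_msg_queue_permission(const struct msg_queue_model *q, unsigned int task_sid)
{
    const struct ipc_label *l = q->q_perm.security;
    if (!l)
        return -1;
    return l->sid == task_sid ? 0 : -1;
}

int main(void)
{
    struct msg_queue_model q = { .q_perm = { .key = 42, .mode = 0600 } };
    if (model_ipc_alloc_security(&q.q_perm, 7) != 0)
        return 1;
    printf("sid 7: %d, sid 9: %d\n", model_msg_queue_permission(&q, 7),
           model_msg_queue_permission(&q, 9));
    model_ipc_free_security(&q.q_perm);
    return 0;
}
```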
This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 12:33:25 PDT