* Chris Vance (cvanceat_private) wrote:
>
> Moving forward with SELinux, I have begun working with IPC.
>
> In order to make intelligent access decisions, LSM modules will likely
> need access to several of the kernel IPC structures. Currently some of
> these structures are not available externally. In particular:
>
>   struct shmid_kernel is defined in ipc/shm.c
>   struct msg_queue is defined in ipc/msg.c
>   struct msg_msg is defined in ipc/msg.c
>
> I am proposing that these structures (and dependencies) be moved into
> the appropriate header files (shm.h and msg.h), within '#ifdef
> __KERNEL__' tags.
>
> By doing this, the structures will be available to LSM modules.
>
> I will also be adding a security field (void *) to struct
> kern_ipc_perm and struct msg_msg.
>
> I'm looking for opinions or alternatives. If there are no objections, I
> will do as I proposed and submit a patch in a couple days that
> incorporates this change, as well as some proposed LSM hook insertion
> points for IPC.
>
> Note, there aren't any issues with semaphores, the appropriate
> structure (struct sem_array) is already available in
> include/linux/sem.h.
>
> This all appears to be part of the reorganization that occurred
> between the 2.2 and 2.4 kernels.

That's what I was planning (moving the private structures to header
files for our sanity). So it sounds good to me ;-)

Does SELinux require both a security tag on the message queue as well as
the message?

-chris
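
An added example, not part of the original thread and not SELinux or LSM code: a userspace C sketch of the opaque `void *security` field proposed above, placed on both the per-queue permission structure and the individual message. The `*_model` structs, the `toy_*` hooks and the integer-level policy are hypothetical; under that toy policy it shows what a label on the message adds beyond a label on the queue.

```c
/* Userspace model only: the *_model structs are simplified stand-ins. */
#include <stdlib.h>

struct kern_ipc_perm_model { int key; void *security; };
struct msg_msg_model { long m_type; void *security; };
struct msg_queue_model { struct kern_ipc_perm_model q_perm; };
/* Hypothetical module-private label; core IPC code only sees void *. */
struct toy_label { int level; };

/* Hypothetical allocation hook shared by queues and messages. */
static int toy_label_alloc(void **security, int level)
{
    struct toy_label *l = malloc(sizeof(*l));
    if (l == NULL)
        return -1;
    l->level = level;
    *security = l;
    return 0;
}

/* Hypothetical receive hook: 0 = allow, -1 = deny. Toy policy: the
 * receiver's level must be >= both the queue's and the message's. */
static int toy_msgrcv_check(const struct msg_queue_model *q,
                            const struct msg_msg_model *m, int receiver)
{
    const struct toy_label *ql = q->q_perm.security;
    const struct toy_label *ml = m->security;
    if (ql == NULL || ml == NULL)
        return -1;              /* unlabeled object: fail closed */
    if (receiver < ql->level || receiver < ml->level)
        return -1;
    return 0;
}

/* Builds one queue and one message (constructed values), checks a receive. */
int demo_receive(int queue_level, int sender_level, int receiver_level)
{
    struct msg_queue_model q = { { 42, NULL } };
    struct msg_msg_model m = { 1, NULL };
    int rc = -1;
    if (toy_label_alloc(&q.q_perm.security, queue_level) == 0 &&
        toy_label_alloc(&m.security, sender_level) == 0)
        rc = toy_msgrcv_check(&q, &m, receiver_level);
    free(q.q_perm.security);
    free(m.security);
    return rc;
}

int main(void) { return demo_receive(1, 1, 1); }
```

With only the queue labeled, the second case below (a level-2 sender writing to a level-1 queue read by a level-1 receiver) could not be told apart from the first.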
This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 17:19:30 PDT