Re: initialization

From: Chris Wright (chrisat_private)
Date: Mon Jul 09 2001 - 12:11:03 PDT

  • Next message: Greg KH: "Re: Hooks, authority, MAC, the future and proposol"

    * Serge E. Hallyn (hallynat_private) wrote:
    > ok, not entirely sure i'm thinking right here.
    > 
    > Security ops are attached at do_initcalls in do_basic_setup.
    > proc_init_root is called before this.  This means that if we
    > actually use inode_alloc_security and kmalloc anything for
    > the inode->i_security to point to, then we have a time where
    > inodes for the procfs exist, but i_security does not.  So
    > 
    > 1. Am i right?
    
    yes and no.  the security_ops struct is initialized with the dummy stubs
    before proc_init_root.  But, if you compile in your module, or load your
    module, then _your_ call to init_module will happen later.
    
    > 2. Would we like to change this?  How?  Sure, I can work around
    > it, but it seems like something most people will have to deal
    > with.
    
    It would be nice to fix this.  The problem is stickier for true modules.
    Do you want to cycle through all existting kernel objects and label them
    (what about processes that were running before your module was loaded)?
    Compiling in is simpler, we could link the load time to the startup
    funciton...
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 12:13:20 PDT