* Serge E. Hallyn (hallynat_private) wrote: > ok, not entirely sure i'm thinking right here. > > Security ops are attached at do_initcalls in do_basic_setup. > proc_init_root is called before this. This means that if we > actually use inode_alloc_security and kmalloc anything for > the inode->i_security to point to, then we have a time where > inodes for the procfs exist, but i_security does not. So > > 1. Am i right? yes and no. the security_ops struct is initialized with the dummy stubs before proc_init_root. But, if you compile in your module, or load your module, then _your_ call to init_module will happen later. > 2. Would we like to change this? How? Sure, I can work around > it, but it seems like something most people will have to deal > with. It would be nice to fix this. The problem is stickier for true modules. Do you want to cycle through all existting kernel objects and label them (what about processes that were running before your module was loaded)? Compiling in is simpler, we could link the load time to the startup funciton... -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 12:13:20 PDT