On Tue, 24 Jul 2001, Wayne Salamon wrote: > James Morris wrote: > > > > > alloc_security() > > We can always allocate the security context the first time we control > access to the device, so this call isn't absolutely necessary, but > see below: Agreed, and it may become quite invasive and difficult to maintain hooks for every instance of a netdevice probe (or initialization for some virtual devices, such as loopback). > > > free_security() > > In order to prevent memory leaks, this call is needed because > the LSM doesn't know when a device is disconnected unless it > is told by a hook somewhere. We can't rely on an ioctl() call > to change a device state before being deconfigured. So for > symmetry, alloc_security() and free_security() are both > desirable. > Given that it's possible to allocate a security context on the fly, what if we just rename alloc_security() to unregister() and leave it at that? It's better to have less hooks if we don't need them. > > > ioctl() > > > > For SELinux-LSM, we can perform the ioctl checks on net devices > in the sys_ioctl hook. However, this requires a copy from user > space in order to retrieve the net device name. If that copy > within a LSM isn't an issue, this ioctl() call can be removed. > While this is an extra copy, it will probably be lost in the noise of the context switch, and is not in a peformance critical network path. Would you expect to propagate the sys_ioctl hook to security_ops->netdev->ioctl() in this case ? I think it would make a better API for LSM module developers if hooks are always associated with their respective kernel objects. - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 07:34:31 PDT