There was some minor discussion recently about modules needing to modify the system call table to create module-specific system calls. It prompted me to investigate a fixed system call for LSM that will multiplex the variety of system calls required for each different security scheme. I've attached a patch of the proposed idea for people to comment on.

The basis of the patch is to create a new system call (sys_security) that accepts generic arguments (much like ioctl) and performs the copy_from_user() and copy_to_user() so the module doesn't have to worry about it.

This method requires that the application (or an associated library) know the format of the data that the module is expecting. For that reason, it could be problematic if library A executed the system call of module B. I've added a module id field to the security_ops structure that is set by the module when loaded and is checked against the module id provided by the application (or library) when the system call is executed.

I'd appreciate any thoughts on this approach.

---
Lachlan McIlroy            Phone: +61 3 9596 4155
Trusted Linux              Fax:   +61 3 9596 2960
Adacel Technologies Ltd    www.adacel.com
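The dispatch pattern described in the post, modelled in user space as an added example; this is not the attached patch or any LSM code. The names sys_security, security_ops and the module id field follow the post; the argument layout (id, call number, generic buffer, length), the error codes, the buffer bound, the copy_*_user stand-ins and the demo module "B" with its SET_LEVEL/GET_LEVEL calls are assumptions for illustration only. The last scenario in demo() is the case the post worries about: a caller using module B's entry point with some other module's id.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the multiplexed sys_security() call.  Argument layout,
 * error codes, buffer bound and the demo module are assumptions, not the patch. */

#define SECURITY_ARG_MAX 256   /* assumed upper bound on the generic argument buffer */

struct security_ops {
    unsigned int module_id;   /* set by the module when it loads */
    /* the module's multiplexed handler: 'call' selects the operation,
     * 'args' is a kernel copy of the caller's buffer, 'size' its length */
    int (*sys_security)(unsigned int call, void *args, size_t size);
};

/* Stand-ins for copy_from_user()/copy_to_user(): the real ones also verify
 * that the range lies in user space; here we only bound the length. */
static int copy_from_user_model(void *dst, const void *src, size_t n)
{
    if (src == NULL || n > SECURITY_ARG_MAX) return -1;
    memcpy(dst, src, n);
    return 0;
}
static int copy_to_user_model(void *dst, const void *src, size_t n)
{
    if (dst == NULL || n > SECURITY_ARG_MAX) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* The single registered security module; NULL until one loads. */
static struct security_ops *security_ops;

void security_register(struct security_ops *ops) { security_ops = ops; }

/* Demo module "B": a constructed id and a private argument format. */
#define MOD_B_ID        0x4d4f4442u   /* "MODB", constructed */
#define MOD_B_SET_LEVEL 1
#define MOD_B_GET_LEVEL 2
struct mod_b_args { unsigned int level; };
static unsigned int mod_b_level;

static int mod_b_sys_security(unsigned int call, void *args, size_t size)
{
    struct mod_b_args *a = args;
    if (size != sizeof(*a)) return -EINVAL;   /* caller used the wrong format */
    switch (call) {
    case MOD_B_SET_LEVEL: mod_b_level = a->level; return 0;
    case MOD_B_GET_LEVEL: a->level = mod_b_level; return 0;   /* result copied back */
    default:              return -ENOSYS;
    }
}
static struct security_ops mod_b_ops = { MOD_B_ID, mod_b_sys_security };

/* The fixed system call: verify the module id, copy the generic argument in,
 * dispatch to the loaded module, copy the (possibly updated) argument out. */
long sys_security(unsigned int id, unsigned int call, void *user_args, size_t size)
{
    unsigned char kbuf[SECURITY_ARG_MAX];
    int ret;

    if (security_ops == NULL || security_ops->sys_security == NULL) return -ENOSYS;
    if (id != security_ops->module_id) return -EINVAL;   /* library A vs module B */
    if (size > sizeof(kbuf)) return -E2BIG;
    if (size && copy_from_user_model(kbuf, user_args, size)) return -EFAULT;

    ret = security_ops->sys_security(call, kbuf, size);

    if (ret == 0 && size && copy_to_user_model(user_args, kbuf, size)) return -EFAULT;
    return ret;
}

/* Scenario: load module B, round-trip a value with the right id, then call
 * with a foreign id and with an argument size module B does not accept. */
int demo(void)
{
    struct mod_b_args a = { 3 };
    security_register(&mod_b_ops);
    if (sys_security(MOD_B_ID, MOD_B_SET_LEVEL, &a, sizeof a) != 0) return 1;
    a.level = 0;
    if (sys_security(MOD_B_ID, MOD_B_GET_LEVEL, &a, sizeof a) != 0 || a.level != 3) return 2;
    if (sys_security(0x41414141u, MOD_B_SET_LEVEL, &a, sizeof a) != -EINVAL) return 3;
    if (sys_security(MOD_B_ID, MOD_B_SET_LEVEL, &a, sizeof a + 1) != -EINVAL) return 4;
    if (sys_security(MOD_B_ID, 99, &a, sizeof a) != -ENOSYS) return 5;
    return 0;
}

int main(void)
{
    printf("demo: %d\n", demo());
    return 0;
}
```

Note that the id check only stops an honest caller from handing one module's argument format to another; it does not authenticate the caller, so each module's handler still has to validate every field it reads from the copied buffer.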
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 21:02:10 PDT