Re: Possible system call interface for LSM

From: Stephen Smalley (sdsat_private)
Date: Thu Aug 09 2001 - 06:11:32 PDT


    On Thu, 9 Aug 2001, Stephen Smalley wrote:
    
    > While I understand the appeal of doing all of the copyin/copyout
    > from the entrypoint function, it seems unnecessarily limiting.
    
    To be more specific, this would be very problematic for some of our
    new operations, which are merely extended forms of existing system 
    calls (e.g. extended forms of stat, mkdir, execve, ... that have
    additional input or output parameters for security attributes).
    These operations actually invoke the ordinary system calls 
    (in between some pre and post processing to handle the additional
    parameters), so they don't want to have to do the copyin/copyout
    as a block on entry and exit.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    
    


