Crispin Cowan wrote:
>Asking Linus for a single system call, and then multiplexing it to serve
>whatever LSM modules need, was actually a decision we came to some months
>ago.

Did we? I thought we had a discussion about syscalls vs /proc interface,
and I came away with the tentative impression that /proc might work well
enough for many (most?) of the modules.

I currently believe that configuration-based control should be done
through /proc, not through special add-on syscalls. There may be other
cases where you need a special syscall, but if I recall correctly, it was
the exception rather than the norm.

And using /proc solves all the arbitration issues very cleanly. You get
code like

    fd = open("/proc/security/janus/config", O_WRONLY);
    write(fd, cfg, cfglen);
    close(fd);

You don't have to worry about race conditions, about arbitration between
modules, about code expecting Janus to be loaded and causing problems when
it sends a syscall command that actually goes to SubDomain, the user/kernel
data pointer problem, and so on. Moreover, modules can easily define their
own configuration and control interface and structure it in any way they
like under, e.g., their /proc/security/janus/ subdirectory.

And, speaking personally, I find the /proc solution cleaner. The last
thing I want to do is inflict another ioctl()-like interface on the
world....
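Added example, not part of the original message or of any LSM module: a user-space helper built around the open/write/close sequence in the post, showing how addressing a module by path makes a request to an unloaded module fail with ENOENT instead of reaching a different module. The function name lsm_write_config and the root parameter are hypothetical; root stands in for /proc/security so the helper can be run against a scratch directory.

```c
/* Added example (user space); not code from the original post. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/* Write one config record to <root>/<module>/config.
 * root is "/proc/security" in the post's layout; it is a parameter (an
 * assumption of this example) so the helper can run on a scratch dir.
 * Returns 0 on success or a negative errno value. */
int lsm_write_config(const char *root, const char *module,
                     const void *cfg, size_t cfglen)
{
    char path[4096];
    ssize_t w;
    int fd, n, err = 0;

    /* module must be a single path component, so a caller-supplied name
     * cannot steer the write into another module's subdirectory. */
    if (!*module || strchr(module, '/') || !strcmp(module, ".") ||
        !strcmp(module, ".."))
        return -EINVAL;
    n = snprintf(path, sizeof path, "%s/%s/config", root, module);
    if (n < 0 || (size_t)n >= sizeof path)
        return -ENAMETOOLONG;

    /* No O_CREAT: when the module is not loaded its entry is absent and
     * open() fails with ENOENT; the request never reaches another module. */
    fd = open(path, O_WRONLY);
    if (fd < 0)
        return -errno;

    /* Assumption: the module treats each write() as one record, so a short
     * write is reported (EIO) rather than resumed with a second write(). */
    do {
        w = write(fd, cfg, cfglen);
    } while (w < 0 && errno == EINTR);
    if (w < 0)
        err = -errno;
    else if ((size_t)w != cfglen)
        err = -EIO;
    if (close(fd) < 0 && !err)
        err = -errno;
    return err;
}
```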
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:34:42 PDT