Re: Possible system call interface for LSM

From: David Wagner (dawat_private)
Date: Thu Aug 09 2001 - 10:49:58 PDT

  • Next message: richard offer: "Re: Possible system call interface for LSM"

    Crispin Cowan  wrote:
    >Asking Linus for a single system call, and then multiplexing it to serve
    >whatever LSM modules need, was actually a decision we came to some months
    >ago.
    
    Did we?  I thought we had a discussion about syscalls vs /proc
    interface, and I came away with the tentative impression that
    /proc might work well enough for many (most?) of the modules.
    
    I currently believe that configuration-based control should be
    done through /proc, not through special add-on syscalls.  There
    may be other cases where you need a special syscall, but if I
    recall correctly, it was the exception rather than the norm.
    
    And using /proc solves all the arbitration issues very cleanly.
    You get code like
      fd = open("/proc/security/janus/config", O_WRONLY);
      write(fd, cfg, cfglen);
      close(fd);
    You don't have to worry about race conditions, about arbitration
    between modules, about code expecting Janus to be loaded and causing
    problems when it sends a syscall command that actually goes to
    SubDomain, the user/kernel data pointer problem, and so on.
    Moreover, modules can easily define their own configuration and
    control interface and structure it in any way they like under,
    e.g., their /proc/security/janus/ subdirectory.
    
    And, speaking personally, I find the /proc solution cleaner.
    The last thing I want to do is inflict another ioctl()-like
    interface on the world....
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:34:42 PDT