David Wagner wrote:

> Crispin Cowan wrote:
> >David Wagner wrote:
> >Ok. So the LSM syscall and the LSM rmmod need an interlock. [...]
>
> I believe it's more pervasive than this. The app is going to check
> whether SELinux is present and cache this information. If this
> information becomes incorrect (by a rmmod), we need some way to inform
> the app to invalidate its cache entry.
>
> (The app might be quiescent during the rmmod/insmod period, but then wake
> back up after the insmod of a new module, and still have lying around
> its old, incorrect cached information about which module is in place.)

Ah, much clearer. Thanks for the cogent explanation.

IMHO, this is The Application's Problem. Generically supporting module
removal notification would require some kind of upcall, which we've
rejected in the past. Put it in the documentation that applications that
are going to depend on the semantics of "SELinux (or whatever) was there
last time I looked, so I'm going to continue to depend on it" will be
brittle with respect to module removal.

I suspect that this will not be a problem in practice. I don't believe
that module removal will be all that common, other than for shutdown and
massive reconfigurations anyway. An application that wants to be
non-brittle should inspect error codes coming back from sys_lsm, looking
for a return code of "EWTF?" ;-) and react appropriately.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
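The stale-cache problem discussed in this thread, as an added example that is not part of the original messages and is not LSM code. It is a user-space model only: `model_sys_lsm`, `probe_module`, `swap_module`, the module ids and the use of `-ENOSYS` as the mismatch error are all hypothetical stand-ins, not the real syscall interface.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical model of "which security module is loaded". */
enum { MOD_SELINUX = 1, MOD_OTHER = 2 };
static int loaded_module = MOD_SELINUX;
static int cached_id = -1;          /* client-side cache, -1 = not probed */

static void swap_module(int new_id) { loaded_module = new_id; } /* rmmod+insmod */
static int probe_module(void) { return loaded_module; }

/* Model syscall: the caller names the module it expects to talk to.
 * A mismatch fails with -ENOSYS (assumed stand-in for "EWTF?"). */
static int model_sys_lsm(int expected_id, int request)
{
    if (loaded_module != expected_id)
        return -ENOSYS;
    return request + 1000;          /* constructed success value */
}

/* Brittle client: probes once, trusts the cache, ignores return codes. */
static int brittle_call(int request)
{
    if (cached_id < 0)
        cached_id = probe_module();
    (void)model_sys_lsm(cached_id, request);
    return cached_id == MOD_SELINUX;    /* "SELinux is protecting me" */
}

/* Non-brittle client: checks every return code; on a mismatch it
 * refreshes the cache and fails closed instead of assuming protection. */
static int robust_call(int request)
{
    int rc = model_sys_lsm(MOD_SELINUX, request);
    if (rc == -ENOSYS) {
        cached_id = probe_module();     /* invalidate stale entry */
        return 0;
    }
    return rc >= 0;
}

int main(void)
{
    int b = brittle_call(1), r = robust_call(1);
    printf("before swap: brittle=%d robust=%d\n", b, r);
    swap_module(MOD_OTHER);
    b = brittle_call(1); r = robust_call(1);
    printf("after swap:  brittle=%d robust=%d\n", b, r);
    return 0;
}
```

After the swap the brittle client still reports SELinux as present, while the client that inspects the return code reports it as gone.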
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 19:36:27 PDT