On Wed, 22 Aug 2001, richard offer wrote: > fixes the signed/unsigned mismatch > returns -ENOSYS for the default modules (security, capability_plug) as > requested by Stephen at the BOF. > Adds a comment to the header file documenting the use of modid and the > expected behaviour, regarding returning ENOSYS if the module does not > implement sys_security(). IMHO, we should omit the comment from security.h. We can mention it as an optional convention in separate documentation, along with documentation of the other hooks. Also, does it really matter whether modid and call are signed or unsigned? The attached patch is what is currently in my tree. I just added an int magic parameter and changed the dummy and capability hook functions to return -ENOSYS. -- Stephen D. Smalley, NAI Labs ssmalleyat_private diff -X /home/sds/dontdiff -ru lsm-wirex/include/linux/security.h lsm/include/linux/security.h --- lsm-wirex/include/linux/security.h Wed Aug 22 12:29:24 2001 +++ lsm/include/linux/security.h Wed Aug 22 13:09:52 2001 @@ -254,7 +254,7 @@ void (* post_mountroot) (struct super_block *sb); void (* post_addmount) (struct vfsmount *mnt, struct nameidata *mountpoint_nd); - int (* syscall) (int call, unsigned long *args); + int (* syscall) (int magic, int call, unsigned long *args); /* swapon/swapoff: parm dentry is a pointer to the dir entry * for the swap file or swap device. diff -X /home/sds/dontdiff -ru lsm-wirex/security/capability_plug.c lsm/security/capability_plug.c --- lsm-wirex/security/capability_plug.c Wed Aug 22 12:29:24 2001 +++ lsm/security/capability_plug.c Wed Aug 22 13:11:30 2001 @@ -49,7 +49,7 @@ static void cap_post_mountroot (struct super_block *sb) {return;} static void cap_post_addmount (struct vfsmount *mnt, struct nameidata *nd) {return;} -static int cap_syscall (int call, unsigned long *args) {return 0;} +static int cap_syscall (int magic, int call, unsigned long *args) {return -ENOSYS;} static int cap_swapon (struct dentry *dentry) {return 0;} static int cap_swapoff (struct dentry *dentry) {return 0;} static int cap_nfsservctl (int cmd, struct nfsctl_arg *arg) {return 0;} diff -X /home/sds/dontdiff -ru lsm-wirex/security/security.c lsm/security/security.c --- lsm-wirex/security/security.c Wed Aug 22 12:29:24 2001 +++ lsm/security/security.c Wed Aug 22 13:11:48 2001 @@ -69,7 +69,7 @@ static int dummy_sysctl (ctl_table * table, int op) {return 0;} static void dummy_post_mountroot (struct super_block *sb) {return;} static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd) {return;} -static int dummy_syscall (int call, unsigned long *args) {return 0;} +static int dummy_syscall (int magic, int call, unsigned long *args) {return -ENOSYS;} static int dummy_swapon (struct dentry *dentry) {return 0;} static int dummy_swapoff (struct dentry *dentry) {return 0;} static int dummy_nfsservctl (int cmd, struct nfsctl_arg *arg) {return 0;} @@ -707,9 +707,9 @@ * Works the same way sys_socketcall does. * */ -asmlinkage long sys_security (int call, unsigned long *args) +asmlinkage long sys_security (int magic, int call, unsigned long *args) { - return security_ops->syscall (call, args); + return security_ops->syscall (magic, call, args); } _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 08:08:45 PDT