Re: Initial snapshot release of the LSM-based SELinux prototype

• Previous message: Lachlan McIlroy: "quotactl hook"
• In reply to: richard offer: "Re: Initial snapshot release of the LSM-based SELinux prototype"
• Next in thread: Stephen Smalley: "Re: Initial snapshot release of the LSM-based SELinux prototype"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 24, 2001 at 08:29:15PM -0700, richard offer wrote:
> 
> If we only rely on task_alloc() to setup the blob, wont that mean that we
> can't add any security blobs to processes that are already running at
> module load time (or we can, but each person is going to have to re-invent
> the wheel) ?

You can either require your module to be compiled into the kernel at
boot time or:
	- on module load walk the chain of running processes inserting
	  your blob.
	- when a hook is called, and there is no blob on the current
	  structure passed to you, create it then like you would have in
	  the initial hook.

The last option is probably the easiest, but you can do which ever you
want.  And no, there really isn't a way to provide logic in the LSM
framework for these, you will have to handle it yourself.

thanks,

greg k-h

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: quotactl hook"
• Previous message: Lachlan McIlroy: "quotactl hook"
• In reply to: richard offer: "Re: Initial snapshot release of the LSM-based SELinux prototype"
• Next in thread: Stephen Smalley: "Re: Initial snapshot release of the LSM-based SELinux prototype"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Aug 26 2001 - 23:08:34 PDT