Re: Initial snapshot release of the LSM-based SELinux prototype

From: Greg KH (gregat_private)
Date: Sun Aug 26 2001 - 23:05:56 PDT

  • Next message: Greg KH: "Re: quotactl hook"

    On Fri, Aug 24, 2001 at 08:29:15PM -0700, richard offer wrote:
    > 
    > If we only rely on task_alloc() to setup the blob, wont that mean that we
    > can't add any security blobs to processes that are already running at
    > module load time (or we can, but each person is going to have to re-invent
    > the wheel) ?
    
    You can either require your module to be compiled into the kernel at
    boot time or:
    	- on module load walk the chain of running processes inserting
    	  your blob.
    	- when a hook is called, and there is no blob on the current
    	  structure passed to you, create it then like you would have in
    	  the initial hook.
    
    The last option is probably the easiest, but you can do which ever you
    want.  And no, there really isn't a way to provide logic in the LSM
    framework for these, you will have to handle it yourself.
    
    thanks,
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sun Aug 26 2001 - 23:08:34 PDT