On Sun, 2 Sep 2001, Greg KH wrote:

> int my_module_task_alloc_security (struct task_struct *p)
> {
>     down (&task_semaphore);
>     if (p->security == NULL) {
>         p->security = kmalloc (sizeof (struct my_task_security_struct));
>         if (p->security == NULL) {
>             up (&task_semaphore);
>             return -ENOMEM;
>         }
>         init_MUTEX (&p->security->semaphore);
>         /* init the rest of your stuff */
>         ...
>     }
>     up (&task_semaphore);
>     return 0;
> }

I tried doing something along these lines in the SELinux module, and ran into another problem (besides the interrupt issue). Since do_fork does a '*p = *current;' and we do not clear p->security before calling security_ops->task_ops->alloc_security(p), the module task_alloc_security function above will incorrectly assume that the security blob is already set rather than allocating a new blob for the new process. So perhaps we should explicitly clear p->security in do_fork before calling the hook?

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
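The aliasing described in the reply above, modeled in userspace C as an added example (not code from this thread or from SELinux). `struct task`, `struct blob`, `model_fork` and `shares_blob` are hypothetical stand-ins for `task_struct`, a module's security blob and `do_fork`; locking is left out.

```c
/* Userspace model (constructed): all names are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>

struct task { int pid; void *security; };
struct blob { int owner_pid; };

/* Hook in the style quoted above: allocates only when the pointer is NULL. */
static int alloc_security(struct task *p)
{
    if (p->security == NULL) {
        struct blob *b = malloc(sizeof(*b));
        if (b == NULL)
            return -1;
        b->owner_pid = p->pid;
        p->security = b;
    }
    return 0;
}

/* Model of fork: copy the parent wholesale, optionally clear, call the hook. */
static int model_fork(const struct task *parent, struct task *child, int clear_first)
{
    *child = *parent;               /* mirrors '*p = *current;' */
    child->pid = parent->pid + 1;
    if (clear_first)
        child->security = NULL;     /* the fix proposed in the reply */
    return alloc_security(child);
}

/* Returns 1 when parent and child end up sharing one blob, 0 when the
 * child got its own, -1 on allocation failure. */
static int shares_blob(int clear_first)
{
    struct task parent = { 1, NULL }, child;
    int shared = -1;
    if (alloc_security(&parent) == 0 && model_fork(&parent, &child, clear_first) == 0) {
        shared = (child.security == parent.security);
        if (!shared)
            free(child.security);
    }
    free(parent.security);
    return shared;
}

int main(void)
{
    printf("shared without clear: %d\n", shares_blob(0));
    printf("shared with clear:    %d\n", shares_blob(1));
    return 0;
}
```

Without the clear, the child keeps the parent's pointer, so a later free on either task would leave the other with a dangling blob.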
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 12:40:38 PDT