* Stephen Smalley (sdsat_private) wrote:
>
>
> On Sun, 2 Sep 2001, Greg KH wrote:
>
> > int my_module_task_alloc_security (struct task_struct *p)
> > {
> >         down (&task_semaphore);
> >         if (p->security == NULL) {
> >                 p->security = kmalloc (sizeof (struct my_task_security_struct));
> >                 if (p->security == NULL) {
> >                         up (&task_semaphore);
> >                         return -ENOMEM;
> >                 }
> >                 init_MUTEX (&p->security->semaphore);
> >                 /* init the rest of your stuff */
> >                 ...
> >         }
> >         up (&task_semaphore);
> >         return 0;
> > }
>
> I tried doing something along these lines in the SELinux module, and ran
> into another problem (besides the interrupt issue). Since do_fork does a
> '*p = *current;' and we do not clear p->security before calling
> security_ops->task_ops->alloc_security(p), the module task_alloc_security
> function above will incorrectly assume that the security blob is already
> set rather than allocating a new blob for the new process. So perhaps we
> should explicitly clear p->security in do_fork before calling the hook?

that makes sense to me.

-chris
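The aliasing problem discussed in this thread, as an added userspace model that is not code from the thread or from the LSM patch: a structure copy carries the parent's `security` pointer into the child, so a hook that allocates only on NULL leaves both tasks sharing one blob unless the pointer is cleared first. `struct blob`, `struct task`, `fork_task` and `child_shares_parent_blob` are hypothetical names, and the locking from the quoted hook is omitted.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the kernel structures. */
struct blob { int sid; };
struct task { int pid; void *security; };

/* Same shape as the quoted hook: allocate only when the pointer is NULL. */
static int alloc_security(struct task *p)
{
    if (p->security == NULL) {
        p->security = calloc(1, sizeof(struct blob));
        if (p->security == NULL)
            return -1;
    }
    return 0;
}

/* Model of the fork path: structure copy, optional clear, then the hook. */
static int fork_task(const struct task *parent, struct task *child, int clear_first)
{
    *child = *parent;           /* like '*p = *current;': copies the pointer too */
    if (clear_first)
        child->security = NULL; /* the change proposed in the thread */
    return alloc_security(child);
}

/* Returns 1 if parent and child share one blob, 0 if separate, -1 on error. */
int child_shares_parent_blob(int clear_first)
{
    struct task parent = { 1, NULL }, child;
    if (alloc_security(&parent) || fork_task(&parent, &child, clear_first)) {
        free(parent.security);
        return -1;
    }
    ((struct blob *)child.security)->sid = 42;  /* relabel the child only */
    int shared = ((struct blob *)parent.security)->sid == 42;
    if (child.security != parent.security)
        free(child.security);
    free(parent.security);
    return shared;
}

int main(void)
{
    printf("without clear: shared=%d\n", child_shares_parent_blob(0));
    printf("with clear:    shared=%d\n", child_shares_parent_blob(1));
    return 0;
}
```

In the shared case a label change made through the child is visible in the parent, and freeing the blob from both tasks would be a double free, which is why the model frees it only once.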
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 16:35:30 PDT