On Tue, 7 May 2002, Chris Wright wrote:

> There is still the issue that the capable() hook can sleep. We can't
> distinguish these capable() calls, and in SELinux, for example, capable()
> could call task_alloc_security() which could sleep (unless I'm misreading
> the code). Placing the proposed permission_lite() hook ahead of the DAC
> checks could fix this, but it would be out of sync with the rest of the
> LSM hooks where placement is intended to be after DAC checks.

True, but that's a module problem. In the SELinux case, the
task_alloc_security() call would only occur if task_precondition() caught a
task without a security blob, which should only happen for tasks allocated
prior to module initialization (and only if this happens to be the first
hook call that involves the task). We can work around this issue in various
ways, e.g. traversing the task list during module initialization and
invoking task_precondition on all such tasks at that time, or having
task_alloc_security always use atomic allocation when called from
task_precondition for safety.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 10:22:42 PDT