Re: Updated stacker.c (the real one, ignore the last post)

• Previous message: Crispin Cowan: "Slashdotted"
• In reply to: dwheelerat_private: "Updated stacker.c (the real one, ignore the last post)"
• Next in thread: Greg KH: "Re: Updated stacker.c (the real one, ignore the last post)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 20, 2002 at 01:09:25AM -0400, dwheelerat_private wrote:
>  * "Stacker" LSM security module.
>  * Load this module first as the primary LSM module,

David, thanks for starting work on the stacking module. At this point,
you know the LSM interface much better than I do, but I thought the
sys_security() had been designed to allow userspace to contact a
specific module through the module numeric id. (Which is computed with
the md5sum of the module name, by convention.) The stacking module
should be able to just call every stacked module with the paramters
unchanged and allow the stacked module to recognize that the call was
intended for some other security module, and return with a specific
errno. It isn't effecient (and wli must be upset about the introduction
of Yet Another Linear Search :) but it should be simple.

> #define COMPUTE_ERROR_IF_ANY_ERROR(CALL) \
> 	int final_result = 0; \
> 	int result; \
> 	struct module_entry *module_p; \
> 	for (module_p = stacked_modules; module_p; module_p->next) { \
> 		result = module_p->module_operations->CALL; \
> 		if (result && !final_result) final_result = result; \
> 	}

This will give errors: 
> 	for (module_p = stacked_modules; module_p; module_p->next) { \
use this instead:
> 	for (module_p = stacked_modules; module_p; module_p = module_p->next) { \


> #define COMPUTE_SUCCESS_IF_ANY_SUCCESS(CALL) \
[...]
> 	for (module_p = module_p->next; module_p; module_p->next) { \

Same here.

> /* Call all modules in stacked_modules' CALL routine */
> #define CALL_ALL(CALL) \
> 	struct module_entry *module_p; \
> 	for (module_p = stacked_modules; module_p; module_p->next) { \
> 		module_p->module_operations->CALL; \
> 	}

Same here.

This is as far as I made it before I had to leave; as a final parting
comment, I suggest that your stacking module should use some form of
locking to protect the module stack, and acquire that lock when
traversing the stack to compute error returns. (I suggest using the RCU
locking mechanism, presented at OLS, as that would make the stack
traversal very cheap, while pushing the locking costs onto the stack
change procedures, which is likely going to be very rare in a system's
uptime. A first cut should probably use a simpler locking primitive, but
mark it with a TODO for some enterprising chap in the future. :)

Thanks again David

-- 
http://www.wirex.com/

• application/pgp-signature attachment: stored

• Next message: Crispin Cowan: "Re: Problem stacking sys_security; need id in security_ops or mod_reg_security"
• Previous message: Crispin Cowan: "Slashdotted"
• In reply to: dwheelerat_private: "Updated stacker.c (the real one, ignore the last post)"
• Next in thread: Greg KH: "Re: Updated stacker.c (the real one, ignore the last post)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jul 20 2002 - 13:29:40 PDT