Here's yet another version of stacker.c. Thanks for the feedback, folks!

Rather than post a mailbomb, I've placed the current version at:
  http://www.dwheeler.com/misc/stacker.c
I've added a date - the current version is dated 2002-07-20, which is (proudly?) displayed near the beginning of the file. I'll just update this URL with newer versions, since I don't expect anyone to be interested in old drafts of this thing yet.

Changes:
* More documentation, especially noting that modules that want to be stackable must NOT, when stacked, try to do another's job. E.g., in capable(), your code should look like this:

      if (!secondary)
        if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
          return 0;
      return -EPERM;

* Also noted that modules that want to be stackable need to set "secondary" to 1 _before_ they register as a child module, to avoid a subtle race condition that only shows up when you try to write a stacking module. This is an interesting race condition that is universal among stacking modules. It means, BTW, that stackable modules (like owlsm) will need to have their secondary = 1 statement moved. Details in the comments.
* Implemented a number of sys_security calls that apply to the stacker itself. This includes the ability to disable adding children, removing children, and removing the module itself.
* Added support for removing children.
* Fixed a race condition when stacker is being stacked underneath ANOTHER multiplexor - now set secondary before registering.

Greg K-H has made a few really nice comments that I haven't figured out how to respond to (re: locking and do .. while(0)). For the moment, they're in the comments as TODO items so they won't get lost or forgotten.
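The ordering race described in the post, as an added example that is not part of the original message or of stacker.c: a user-space C model in which the hook becomes callable the instant registration succeeds. model_register_child(), struct task, the capability number and the reduced cap_is_fs_cap() are assumptions made for illustration, not kernel or stacker API.

```c
/* User-space model only; every name except capable()'s body is hypothetical. */
#include <errno.h>
#include <stdio.h>

struct task { int euid, fsuid; };
typedef int (*capable_hook)(const struct task *, int cap);

static int secondary;       /* the module's "I am stacked" flag */
static int seen_in_window;  /* hook result observed inside the race window */
static const struct task root_task = { 0, 0 };  /* constructed sample task */

/* Constructed stand-in for the kernel macro of the same name. */
static int cap_is_fs_cap(int cap) { return cap < 4; }

/* capable() body as given in the post. */
static int module_capable(const struct task *tsk, int cap)
{
    if (!secondary)
        if (cap_is_fs_cap(cap) ? tsk->fsuid == 0 : tsk->euid == 0)
            return 0;
    return -EPERM;
}

/* Models the multiplexor: once registration succeeds the hook is live, so
 * another CPU may call it before the caller runs its next statement.
 * The model makes that call deterministically. */
static int model_register_child(capable_hook hook)
{
    seen_in_window = hook(&root_task, 21 /* constructed non-fs cap */);
    return 0;
}

/* Racy order: register first, set the flag afterwards. */
int init_flag_after_register(void)
{
    secondary = 0;
    if (model_register_child(module_capable) == 0)
        secondary = 1;
    return seen_in_window;
}

/* Order the post asks for: set the flag, register, undo on failure. */
int init_flag_before_register(void)
{
    secondary = 1;
    if (model_register_child(module_capable) != 0)
        secondary = 0;
    return seen_in_window;
}

int main(void)
{
    printf("flag set after register:  %d\n", init_flag_after_register());
    printf("flag set before register: %d\n", init_flag_before_register());
    return 0;
}
```

In the racy order the hook answers 0 for the root task while already stacked, which is the "doing another's job" case the post warns about; in the corrected order it returns -EPERM.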
This archive was generated by hypermail 2b30 : Sat Jul 20 2002 - 22:50:17 PDT