Alan Cox wrote:
>On Thu, 2002-10-17 at 21:10, Greg KH wrote:
>
>
>>Ok, I think it's time for someone who actually cares about the security
>>syscall to step up here to try to defend the existing interface. I'm
>>pretty sure Ericsson, HP, SELinux, and WireX all use this, so they need
>>to be the ones defending it.
>>
>>
>The existing interface is basically the one Linus asked for, although
>perhaps with a little less thought on the structure side than it would
>have benefitted
>
The intent behind the syscall interface was that it needed to be generic
enough to support the 50+ syscalls that SELinux wants, and also be
generic enough to support potential modules that have not been invented
yet. That's why it is a MUX, and why the signature definition is enough
to deal with stacked modules and then pass a generic argv list to the
module itself.
Unfortunately, this design goal (highly generic interface) is
incompatible with the 32/64 bit transparancy layer that several
supported architectures need. As Christoph says, this is unfixable.
IMHO, it is unfixable because of conflicting design goals: you cannot
have a truly generic syscall interface and hope for it to port clean
from 32 bits to 64 bits.
Therefore, the sys_security syscall has been removed. LSM-aware
applications that want to talk to security modules can do so through a
file system interface. This will work for WireX, and Smalley says it
will work for SELinux. I hope it will work for others.
Again, my thanks for eveyone's help in cleaning up this issue, and my
apologies to anyone I may have offended. We should have thought about
the 32/64 bit issue when we defined that interface. Kudos to Greg K-H,
who told me that this syscall would be a problem.
Thanks,
Crispin
This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 14:14:26 PDT