Hi, On Wed, Oct 23, 2002 at 10:27:27AM -0400, Stephen Smalley wrote: > On Wed, 23 Oct 2002, Stephen C. Tweedie wrote: > > setfsuid() creates credentials which are _only_ applied to file > > operations. The namespace happens to be the same one that applies to > > processes, but there's nothing that requires that to be the case > Would we need a separate call for setting the SIDs to use for each > "namespace", i.e. fs (for open, mkdir, mknod, and symlink calls), IPC > (for semget, msgget, and shmget calls), process (for execve calls), and > socket (for socket, connect, listen, sendmsg, and sendto calls, requiring > two SIDs for send*)? The BSD socket API already has a clean and extensible way of dealing with multiple namespaces, so there's plenty of precedent about how to do this without requiring multiple syscalls. > While your approach would work for calls that take input SID parameters, > what about the various calls that return SIDs either directly or via > output SID parameters, e.g. extended forms of *stat, msgrcv, recvmsg, > getpeername/accept plus new calls like (sem|shm|msg)sid and getsecsid? Good question --- what is the reason you need these, and are other security modules likely to need similar functionality? If so, there's an argument for new syscalls which take a credentials/sid area as a return argument. --Stephen _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 07:56:23 PDT