How to attach some config info permanently to an object?

From: ¶«·½ ó»Î (phanixat_private)
Date: Thu Jan 23 2003 - 01:23:12 PST


    Hi!
    
     I'm working on a MEC (Mandatory Execution Control) module based on
     the LSM infrastructure of linux-2.4.19.
     The module's config file is /etc/mec.conf. In the config file, for example:
    
     /bin/bash
     !{
      /bin/ping
     }
     #This means a /bin/bash process can execute anything but /bin/ping.
    
     /bin/tcsh
     {
      /bin/ls
     }
     #This means a /bin/tcsh process can only execute /bin/ls.
     
     In the module init function,
     first, it reads its config file, parses it, extracts legal
     config entries from it and stores them (in the space kmalloced) in kernel space
     in the form of a list:
    
     conf_list_head-->|(first conf info node)|    |(second conf info node)|
                      |Name:/bin/bash        |    |Name:/bin/tcsh         |
                      |Logic:list_deny       |    |Logic:list_allow       |
                      |binlist:/bin/ping     |    |binlist:/bin/ls        |
                      |next---------------------->|next------------------------->....
    
     Then it tries to attach proper mec config info to every process:
    
     lock_kernel();
     for_each_task(taskp)
       set_task_mec_info(taskp);
     unlock_kernel();
    
     Here set_task_mec_info() first tries to get the process's full pathname
     (for example: /usr/sbin/httpd).
     (Currently, I have trouble doing this. Chris told me to use the code
      of proc_exe_link. I think that the code of proc_exe_link is just what I need.
      I tried, but when I ran make module_install, depmod said: Unresolved symbol: mmput.
      I don't know why. I have included sched.h in the module.
      This problem may be stupid. But in fact I'm new to linux. Please help me with
      this.)
     Then it searches through the conf list to see if there is an entry for this pathname.
     If it finds one, it sets this task's void *security (in the task_struct) to point
     to the conf info node.
    
     Here is the problem:
     *** What if any other module uses the task's void *security pointer and sets it to
         some other value? (Do I really need to maintain a hashlist of pid and confinfo
         in the module?)
     *** In a module based on LSM, how to attach some config info permanently to an
         object (for example, from the point a task is forked until it exits)?
         alloc_security() and free_security() seem useless here.
     *** In fact, I don't know when we need to use alloc_security(),
         then set_security(), then free_security(). Can anyone give me a scenario?
     *** Do you have any suggestions about the way I store the config info in
         the kernel space? It may be very childish.
    
     Thanks.
    
                                                             X.H.Beijing
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
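
The config format and the list_allow/list_deny rule described in the message above, as an added example that is not part of the original post and is not the poster's module code. It is a user-space C model, not kernel code; the names `mec_node`, `mec_parse`, `mec_may_exec` and `MEC_SAMPLE`, the fixed-size limits, and the choice to permit when a process has no entry are all assumptions.

```c
#include <stdlib.h>
#include <string.h>

struct mec_node {                     /* one "conf info node" from the post */
    char name[64], bins[8][64];       /* fixed sizes are an assumption */
    int nbins, deny;                  /* deny: 1 for "!{", 0 for "{" */
    struct mec_node *next;
};
const char MEC_SAMPLE[] =             /* constructed: the post's two entries */
    "/bin/bash\n!{\n /bin/ping\n}\n#comment\n\n/bin/tcsh\n{\n /bin/ls\n}\n";

/* Parse config text into a list; NULL on malformed (or empty) input. */
struct mec_node *mec_parse(const char *p) {
    struct mec_node *head = NULL, **tail = &head, *cur = NULL;
    char tok[64];
    int in_block = 0;
    for (; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        p += strspn(p, " \t");
        size_t n = strcspn(p, " \t\r\n");
        if (n == 0 || *p == '#') continue;       /* blank line or comment */
        if (n >= sizeof tok) goto bad;
        memcpy(tok, p, n); tok[n] = '\0';
        if (!strcmp(tok, "{") || !strcmp(tok, "!{")) {
            if (!cur || in_block) goto bad;
            cur->deny = (tok[0] == '!'); in_block = 1;
        } else if (!strcmp(tok, "}")) {
            if (!in_block) goto bad;
            in_block = 0; cur = NULL;
        } else if (in_block) {
            if (cur->nbins == 8) goto bad;
            strcpy(cur->bins[cur->nbins++], tok);
        } else {                                 /* start of a new entry */
            if (cur || !(cur = calloc(1, sizeof *cur))) goto bad;
            strcpy(cur->name, tok);
            *tail = cur; tail = &cur->next;
        }
    }
    if (!cur) return head;     /* cur still set means an unterminated entry */
bad:
    while (head) { cur = head->next; free(head); head = cur; }
    return NULL;
}

/* 1 = exec permitted, 0 = denied; no entry for exe permits (assumption). */
int mec_may_exec(const struct mec_node *l, const char *exe, const char *target) {
    int i, listed = 0;
    while (l && strcmp(l->name, exe)) l = l->next;
    for (i = 0; l && i < l->nbins; i++) listed |= !strcmp(l->bins[i], target);
    return !l || (l->deny ? !listed : listed);
}
```

The permit-by-default result for a process with no entry is the part of the policy the message leaves open; a mandatory control would normally have to state it explicitly.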
    



    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 01:24:45 PST