How to attach some config info permanently to a object?

• Previous message: Stephen D. Smalley: "[RFC][PATCH] Restore LSM hook calls to sendfile"
• Next in thread: Valdis.Kletnieksat_private: "Re: How to attach some config info permanently to a object?"
• Reply: Valdis.Kletnieksat_private: "Re: How to attach some config info permanently to a object?"
• Reply: Chris Wright: "Re: How to attach some config info permanently to a object?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

 I'm working on a MEC(Mandatory Execution Control) module based on
 the LSM infrastructure of linux-2.4.19.
 The module's config file is /etc/mec.conf. In the config file, for 
example:

 /bin/bash
 !{
  /bin/ping
 }
 #This means a /bin/bash process can execute anything but /bin/ping.

 /bin/tcsh
 {
  /bin/ls
 }
 #This means a /bin/tcsh process can only execute /bin/ls.
 
 In the module init function,
 First, it reads its config file, parse it, extract legal 
 config entrys from it and store them( in the space kmalloced ) in kernel 
space
 in the form of a list:

 conf_list_head-->|(first conf info node)|    |(second conf info node)|
                  |Name:/bin/bash        |    |Name:/bin/tcsh         |
                  |Logic:list_deny       |    |Logic:list_allow       |
                  |binlist:/bin/ping     |    |binlist:/bin/ls        |
                  
|next---------------------->|next------------------------->....

 Then it tries to attach proper mec config info to every process:

 lock_kernel();
 for_each_task(taskp)
   set_task_mec_info(taskp);
 unlock_kernel();

 Here set_task_mec_info() first tries to get the process's full pathname
 (for example: /usr/sbin/httpd)
 (Currently, I have trouble doing this. Chris told me to use the code
  of proc_exe_link. I think that the code of proc_exe_link is just what I 
need.
  I tried but when make module_install, depmod said :Unresolved symbol : 
mmput .
  I don't know why. I have included sched.h in the module.
  This problem may be stupid. But infact I'm new to linux. Please help me 
with 
  this. )
 Then search through the conf list to see if there is an entry for this 
pathname.
 If find one, then set this task's void *security( in the task_struct ) to 
point
 to the conf info node.

 Here is the problem:
 *** What if any other module uses task's void *security pointer and set it 
to 
     some other value?( Do I realy need to maintain a hashlist of pid and 
confinfo
     in the module? )
 *** In a module based on LSM, how to attach some config info permanently 
to an
     object(for example, from the point a task is forked until it exits)? 
     alloc_security() and free_security() seems useless here.
 *** In fact, I don't know when do we need to use alloc_securit(),
     then set_security(), then free_security().Can anyone give me a 
scenario?
 *** Do u have any suggestions about the way I store the config info in   
     the kernel space? It may be very childish.

 Thanks.

                                                         X.H.Beijing

_________________________________________________________________
ÏíÓÃÊÀ½çÉÏ×î´óµÄµç×ÓÓʼþϵͳ¡ª MSN Hotmail¡£  http://www.hotmail.com  

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: ¶«·½ ó»Î: "How to attach some config info permanently...."
• Previous message: Stephen D. Smalley: "[RFC][PATCH] Restore LSM hook calls to sendfile"
• Next in thread: Valdis.Kletnieksat_private: "Re: How to attach some config info permanently to a object?"
• Reply: Valdis.Kletnieksat_private: "Re: How to attach some config info permanently to a object?"
• Reply: Chris Wright: "Re: How to attach some config info permanently to a object?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 01:24:45 PST