How to attach some config info permanently....

From: (phanixat_private)
Date: Thu Jan 23 2003 - 01:26:06 PST

     I'm working on a MEC (Mandatory Execution Control) module based on
     the LSM infrastructure of linux-2.4.19.
     The module's config file is /etc/mec.conf. In the config file, for 
     #This means a /bin/bash process can execute anything but /bin/ping.
     #This means a /bin/tcsh process can only execute /bin/ls.
     In the module init function,
     First, it reads its config file, parses it, extracts legal 
     config entries from it and stores them (in the space kmalloced) in kernel 
     in the form of a list:
     conf_list_head-->|(first conf info node)|    |(second conf info node)|
                      |Name:/bin/bash        |    |Name:/bin/tcsh         |
                      |Logic:list_deny       |    |Logic:list_allow       |
                      |binlist:/bin/ping     |    |binlist:/bin/ls        |
     Then it tries to attach proper mec config info to every process:
     Here set_task_mec_info() first tries to get the process's full pathname
     (for example: /usr/sbin/httpd)
     (Currently, I have trouble doing this. Chris told me to use the code
      of proc_exe_link. I think that the code of proc_exe_link is just what I 
      I tried but when make module_install, depmod said: Unresolved symbol: mmput.
      I don't know why. I have included sched.h in the module.
      This problem may be stupid. But in fact I'm new to Linux. Please help me 
      this. )
     Then search through the conf list to see if there is an entry for this 
     If it finds one, it sets this task's void *security (in the task_struct) to 
     to the conf info node.
     Here is the problem:
     *** What if any other module uses the task's void *security pointer and sets it 
         some other value? (Do I really need to maintain a hashlist of pid and 
         in the module?)
     *** In a module based on LSM, how to attach some config info permanently 
         to an object (for example, from the point a task is forked until it exits)? 
         alloc_security() and free_security() seem useless here.
     *** In fact, I don't know when we need to use alloc_security(),
         then set_security(), then free_security(). Can anyone give me a 
     *** Do you have any suggestions about the way I store the config info in   
         the kernel space? It may be very childish.
    linux-security-module mailing list
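
A userspace model of the conf list and the list_deny / list_allow decision described in the message above. This is an added example, not code from the original post or from the LSM project; every identifier (mec_conf, mec_lookup, mec_may_exec) is hypothetical, and treating a program with no entry as unrestricted is an assumption the post does not state.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model of the conf list in the post; all names are hypothetical. */
enum mec_logic { LIST_DENY, LIST_ALLOW };

struct mec_conf {
    const char *name;            /* full pathname of the running program */
    enum mec_logic logic;        /* how binlist is interpreted */
    const char *const *binlist;  /* NULL-terminated list of pathnames */
    const struct mec_conf *next;
};

/* Constructed sample data matching the two nodes drawn in the post. */
static const char *const bash_bins[] = { "/bin/ping", NULL };
static const char *const tcsh_bins[] = { "/bin/ls", NULL };
static const struct mec_conf tcsh_node = { "/bin/tcsh", LIST_ALLOW, tcsh_bins, NULL };
static const struct mec_conf bash_node = { "/bin/bash", LIST_DENY, bash_bins, &tcsh_node };
static const struct mec_conf *conf_list_head = &bash_node;

/* Find the node for a program: the pointer the post stores in the task's security field. */
const struct mec_conf *mec_lookup(const char *exe_path)
{
    const struct mec_conf *c;
    for (c = conf_list_head; c != NULL; c = c->next)
        if (strcmp(c->name, exe_path) == 0)
            return c;
    return NULL;
}

/* Return 1 if the program described by conf may execute target, else 0. */
int mec_may_exec(const struct mec_conf *conf, const char *target)
{
    const char *const *b;
    int listed = 0;

    if (conf == NULL)
        return 1; /* assumption: programs without an entry are unrestricted */
    for (b = conf->binlist; *b != NULL; b++)
        if (strcmp(*b, target) == 0)
            listed = 1;
    /* list_allow: only listed targets pass; list_deny: only unlisted ones pass */
    return conf->logic == LIST_ALLOW ? listed : !listed;
}

int main(void)
{
    printf("bash->ping: %d\n", mec_may_exec(mec_lookup("/bin/bash"), "/bin/ping"));
    printf("tcsh->ls:   %d\n", mec_may_exec(mec_lookup("/bin/tcsh"), "/bin/ls"));
    return 0;
}
```

The comparison is on exact pathname strings, so it assumes both paths have already been resolved to one canonical form before the lookup.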

    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 01:26:28 PST