On Thu, Jan 23, 2003 at 05:26:06PM +0800, ???? ???? wrote: > Here is the problem: > *** What if any other module uses task's void *security pointer and > set it to some other value?( Do I realy need to maintain a > hashlist of pid and confinfo in the module? ) No; as a security module, you can prevent other modules from loading. Thus you can ensure that you are the only one using the security pointers. > *** In a module based on LSM, how to attach some config info > permanently to an object(for example, from the point a task is > forked until it exits)? alloc_security() and free_security() > seems useless here. > *** In fact, I don't know when do we need to use alloc_securit(), > then set_security(), then free_security().Can anyone give me a > scenario? The usage is that you allocate some storage (either on your own private slab, or through kmalloc) however much memory your need with alloc_security(), and attach the storage to the task with *security. Then, in set_security(), you compute whatever settings you'd like to apply to that specific task and store them in the storage your allocated earlier. Where this may break down is for tasks that existed before your module was loaded. SELinux probably has some hints :) probably in the form of preconditions. (Though their official position is that SELinux should be linked into the kernel image, to ensure that all processes are confined.) > *** Do u have any suggestions about the way I store the config info in > the kernel space? It may be very childish. I guess it mostly depends on your predicted access patterns for the data. Chances are good that using per-task structs stored on a private slab is the way to go. However, since your pathname strings may be rather long, you may see better results to have a structure of pointers to the strings stored in kmalloc()ed space. Check out Linux Device Drivers, 2nd edition, for details on creating your own private slabs: http://www.xml.com/ldd/chapter/book/
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 11:27:47 PST