> your module-aware user-level applications. The recommended method is to
> "make a file system." I don't know whether any of the sample modules
> <http://lsm.immunix.org/lsm_modules.html> yet include code that does that.

The 2.5 version of the DTE module does this. See security/dte/dte.c.
While I'm not sure I like the particular implementation (*), it does work.
It is basically an ugly, abbreviated version of Greg's hotplug code (search
in linuxjournal). It did turn out much simpler than I had feared.

-serge

(*) Every process sees its own results at the same filename, so typing

    echo /home/$USER/.aliases > /dte/get_type
    cat /dte/get_type

at a shell returns the (nonexistent) results for the new 'cat' process,
not the shell. It's fine if you continue to use a short program to both
write the query and obtain the results, but you don't get the
plan-9-esque elegance which a pseudo-fs should provide.

Since presumably everyone will be implementing a pseudo-fs soon, and since
it seems worthwhile for the modules to each use a similar layout for the
pseudo-fs, what do other people think? Is a /pseudo-fs/pid/filename layout
better, or just needless added complexity?
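
The per-process behaviour described in the message above, next to the /pseudo-fs/pid/filename layout it asks about, as a small Python model. This is an added example, not part of the original message and not DTE code; the pids, the `user_t` type name, the `/home/alice` path, the `/dte/<pid>/get_type` spelling and the owner-only write rule are constructed assumptions.

```python
import re

# Constructed sample data: the path -> type table, type name and pids are assumptions.
TYPE_TABLE = {"/home/alice/.aliases": "user_t"}
SHELL_PID, CAT_PID, HELPER_PID = 100, 101, 200

class PseudoFs:
    """Model of a query/result pseudo-file under the two layouts discussed."""

    def __init__(self, per_pid_layout):
        self.per_pid_layout = per_pid_layout
        self.results = {}  # owner pid -> result of that process's last query

    def _owner(self, caller_pid, path):
        if not self.per_pid_layout:
            if path != "/dte/get_type":
                raise FileNotFoundError(path)
            return caller_pid          # same filename, slot picked by the caller
        m = re.fullmatch(r"/dte/(\d+)/get_type", path)
        if m is None:
            raise FileNotFoundError(path)
        return int(m.group(1))         # slot named explicitly in the path

    def write(self, caller_pid, path, query):
        owner = self._owner(caller_pid, path)
        if owner != caller_pid:        # assumed rule: query only via your own entry
            raise PermissionError("a process may only query through its own entry")
        self.results[owner] = TYPE_TABLE.get(query.strip(), "unknown")

    def read(self, caller_pid, path):
        # A process that never wrote a query has no result: the read is empty.
        return self.results.get(self._owner(caller_pid, path), "")

def shell_session(fs, path):
    """echo is a shell builtin, so the shell writes; cat is a new process that reads."""
    fs.write(SHELL_PID, path, "/home/alice/.aliases\n")
    return fs.read(CAT_PID, path)

def helper_program(fs, path):
    """One short program that both writes the query and reads the result."""
    fs.write(HELPER_PID, path, "/home/alice/.aliases\n")
    return fs.read(HELPER_PID, path)

if __name__ == "__main__":
    print(repr(shell_session(PseudoFs(False), "/dte/get_type")))
    print(repr(helper_program(PseudoFs(False), "/dte/get_type")))
    print(repr(shell_session(PseudoFs(True), f"/dte/{SHELL_PID}/get_type")))
```

The model lets any process read a result once it names the owner's pid; who may read another process's entry is a policy question the per-pid layout raises and the model leaves open.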
This archive was generated by hypermail 2b30 : Sun Feb 02 2003 - 22:53:55 PST