Re: [PATCH][RFC] Remove kmod_set_label hook

From: Chris Wright (chrisat_private)
Date: Wed Mar 26 2003 - 09:59:04 PST

  • Next message: Valdis.Kletnieksat_private: "Re: [PATCH][RFC] Remove kmod_set_label hook"

    * Valdis.Kletnieksat_private (Valdis.Kletnieksat_private) wrote:
    > On Wed, 26 Mar 2003 09:55:51 EST, "Stephen D. Smalley" <sdsat_private>  said:
    > > No objections to this change, but it would be desirable to eventually
    > > add support for running different jobs from the keventd workqueue
    > > with different security attributes.  
    > I obviously need more caffeine.. I was pretty sure stuff running out
    > of keventd was in the kernel context, and as a result was essentially
    > trusted code.  How would this work?
    Yup, you are right w.r.t. keventd.  There is a schedule_work() interface
    (for keventd, the generic primitive is the queue_work() interface) which
    is called from the context of whomever needs the work done.  It'd pretty
    straight forward to add a label here, however, it would probably require
    changing the work_struct to maintain a label, and would need a change
    to the work_queue consumer to change domains according to the label.
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 10:04:09 PST