* Valdis.Kletnieksat_private (Valdis.Kletnieksat_private) wrote: > On Wed, 26 Mar 2003 09:55:51 EST, "Stephen D. Smalley" <sdsat_private> said: > > > No objections to this change, but it would be desirable to eventually > > add support for running different jobs from the keventd workqueue > > with different security attributes. > > I obviously need more caffeine.. I was pretty sure stuff running out > of keventd was in the kernel context, and as a result was essentially > trusted code. How would this work? Yup, you are right w.r.t. keventd. There is a schedule_work() interface (for keventd, the generic primitive is the queue_work() interface) which is called from the context of whomever needs the work done. It'd pretty straight forward to add a label here, however, it would probably require changing the work_struct to maintain a label, and would need a change to the work_queue consumer to change domains according to the label. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 10:04:09 PST