> > And sys/security seems about as intuitive as possible.
>
> Last I looked, sysfs wasn't sufficient to implement the kind of
> interface needed by SELinux for its policy API, which is why we
> implemented selinuxfs instead (based on the example of nfsd,
> at Al Viro's suggestion).

Hmm - forgive the potential ugliness here.

However, it appears possible to emulate transactions using sysfs. When
a sysfs file is opened, an i/o buffer for this file is kmalloc'ed, set to
0, and pointed to by file->private_data. So it appears to be safe to
do:
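
	ssize_t my_sysfs_write_handler(void *kobj_x, char *buf, size_t count)
	{
		/* buf is the per-open i/o buffer: replace the query with the reply */
		result = query(buf);
		/* pass the reply as data, not as the format string */
		snprintf(buf, 200, "%s", process(result));
		return count;
	}

	ssize_t my_sysfs_read_handler(void *kobj_x, char *buf)
	{
		/* buf still holds whatever the last write on this open left in it */
		return strnlen(buf, 200);
	}
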
If a user did not write before reading, they simply see a 0-length file.
If they do

	f = open("/sys/myfs/a", O_RDWR);
	write(f, "myquery", 8);
	lseek(f, 0, SEEK_SET);
	read(f, myresult, 20);

then they will see your response to "myquery".
-serge
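
The write-then-read exchange from the message above, as a user-space C model (an added example, not code from the original post and not kernel code). It assumes what the message states, a zeroed buffer allocated per open; model_open, model_write, model_read and process_query are hypothetical names, and the reply text is constructed.

```c
/* User-space model of the per-open buffer scheme; not kernel code.
 * All model_* names and process_query are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SZ 200                      /* the 200 used in the message */

struct model_file { char *buf; };       /* stands in for file->private_data */

/* open: allocate a zeroed buffer that belongs to this open only */
static struct model_file *model_open(void)
{
    struct model_file *f = malloc(sizeof(*f));
    if (!f) return NULL;
    f->buf = calloc(1, BUF_SZ);
    if (!f->buf) { free(f); return NULL; }
    return f;
}

static void model_close(struct model_file *f) { if (f) { free(f->buf); free(f); } }

/* constructed stand-in for query() + process(): echo the query, tagged */
static void process_query(const char *query, char *out, size_t outsz)
{
    snprintf(out, outsz, "reply:%s", query);   /* query is data, never the format */
}

/* write: bound and NUL-terminate the caller's bytes, then overwrite the
 * per-open buffer with the reply (truncated to BUF_SZ - 1 if too long) */
static long model_write(struct model_file *f, const char *data, size_t count)
{
    char query[BUF_SZ];
    size_t n = count < BUF_SZ - 1 ? count : BUF_SZ - 1;
    memcpy(query, data, n);
    query[n] = '\0';
    process_query(query, f->buf, BUF_SZ);
    return (long)count;
}

/* read: return what the last write on this open left (bounded length) */
static long model_read(struct model_file *f, char *out, size_t outsz)
{
    const char *end = memchr(f->buf, '\0', BUF_SZ);
    size_t n = end ? (size_t)(end - f->buf) : BUF_SZ;
    if (n > outsz) n = outsz;
    memcpy(out, f->buf, n);
    return (long)n;
}
```

In the model, a second open gets its own zeroed buffer, so it reads 0 bytes until it writes its own query.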
This archive was generated by hypermail 2b30 : Mon Dec 01 2003 - 13:22:19 PST