[PATCH] security_task_lookup hook

From: Serge Hallyn (serue@private)
Date: Mon Aug 16 2004 - 11:45:33 PDT


Attached is a proposed patch to implement a security_task_lookup hook. 
The included bsdjail.c file is an example user.  Vserver is another
obvious potential user.

This hook is called when filling in the list of per-process directories
under /proc.  Returning non-0 allows an LSM to hide the existence of a
process.  Note that we do not attempt to hide the generic existence of
other processes :)  That would require normalizing process cpu and mem
usage statistics, etc.

Please review and discuss.

thanks,
-serge
-- 
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private
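
Added example, not part of the original post or the attached patch: a userspace C model of the hook contract described above, where a non-zero return drops a task from the per-process listing while aggregate counts still include it. The struct, the function names, the jail policy (a jailed viewer sees only tasks in its own jail) and the task table are assumptions made for illustration, not kernel API.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace model; none of these names are kernel API. */
struct task { int pid; int jail_id; };      /* jail_id 0 = not jailed */

/* Constructed sample task table. */
static const struct task tasks[] = {
    {1, 0}, {120, 0}, {300, 1}, {301, 1}, {410, 2},
};
#define NTASKS (sizeof(tasks) / sizeof(tasks[0]))

/* Hook contract from the post: a non-zero return hides the target.
 * Assumed policy: a jailed viewer sees only tasks in its own jail. */
static int task_lookup_hook(const struct task *viewer, const struct task *target)
{
    if (viewer->jail_id == 0)
        return 0;                           /* unjailed viewer sees everything */
    return viewer->jail_id != target->jail_id;
}

/* Model of filling in the per-process directory list under /proc:
 * stores the visible pids in out[] and returns how many were stored. */
static size_t proc_list_pids(const struct task *viewer, int *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < NTASKS && n < max; i++)
        if (task_lookup_hook(viewer, &tasks[i]) == 0)
            out[n++] = tasks[i].pid;
    return n;
}

/* System-wide counter that the hook does not filter, standing in for the
 * cpu and mem usage statistics the post says are not normalized. */
static size_t total_task_count(void) { return NTASKS; }

/* Tasks the viewer cannot list but can still infer from the aggregate. */
static size_t hidden_but_counted(const struct task *viewer)
{
    int pids[NTASKS];
    return total_task_count() - proc_list_pids(viewer, pids, NTASKS);
}

int main(void)
{
    const struct task *viewer = &tasks[2];  /* pid 300, jail 1 */
    printf("pid %d: %zu tasks counted system-wide but not listed\n",
           viewer->pid, hidden_but_counted(viewer));
    return 0;
}
```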




