Re: [PATCH] security_task_lookup hook

From: Stephen Smalley (sds@private)
Date: Mon Aug 16 2004 - 11:02:39 PDT


On Mon, 2004-08-16 at 14:45, Serge Hallyn wrote:
> Attached is a proposed patch to implement a security_task_lookup hook. 
> The included bsdjail.c file is an example user.  Vserver is another
> obvious potential user.
> 
> This hook is called when filling in the list of per-process directories
> under /proc.  Returning non-0 allows an LSM to hide the existence of a
> process.  Note that we do not attempt to hide the generic existence of
> other processes :)  That would require normalizing process cpu and mem
> usage statistics, etc.

For consistency, shouldn't the same hook also be called by
proc_pid_lookup?

-- 
Stephen Smalley <sds@private>
National Security Agency



This archive was generated by hypermail 2.1.3 : Mon Aug 16 2004 - 11:04:18 PDT