[RFC] [PATCH] Replace security fields with hashtable

From: Serge E. Hallyn (serue@private)
Date: Tue Oct 26 2004 - 15:04:56 PDT

Attached is a patch which removes all lsm security annotations on
kernel objects and replaces them with a hash table.  An LSM can store
and retrieve information using functions exported from

These are:
	int security_set_value(void *ptr, int lsm_id, void *data,
				int gfp_flags);
	void *security_get_value(void *ptr, int lsm_id)
	void *security_del_value(void *ptr, int lsm_id)

This naturally solves the lsm stacking problem.  It has the added
benefit of saving memory (and presumably time) on a system with LSM
compiled out.

I am attaching the following patches (against 2.6.9):
	lsm-hash.patch: implements the hash table described above,
		and removes the kernel object ->security fields.
	stacker.patch: adds the stacker module
	tasklookup.patch: adds the necessary tasklookup LSM hookd
		for testing bsdjail.
	bsdjail-full.patch: adds a bsdjail module rewritten to use
		this hash table

On request, I can also send out the dte and digsig versions which I
stacked on top of bsdjail in order to test this patch.

Feedback is much appreciated.


This archive was generated by hypermail 2.1.3 : Tue Oct 26 2004 - 15:08:42 PDT