[RFC] [PATCH] Replace security fields with hashtable

From: Serge E. Hallyn (serue@private)
Date: Tue Oct 26 2004 - 15:04:56 PDT


Attached is a patch which removes all lsm security annotations on
kernel objects and replaces them with a hash table.  An LSM can store
and retrieve information using functions exported from
security/security.c.

These are:
	int security_set_value(void *ptr, int lsm_id, void *data,
				int gfp_flags);
	void *security_get_value(void *ptr, int lsm_id)
	void *security_del_value(void *ptr, int lsm_id)

This naturally solves the lsm stacking problem.  It has the added
benefit of saving memory (and presumably time) on a system with LSM
compiled out.

I am attaching the following patches (against 2.6.9):
	lsm-hash.patch: implements the hash table described above,
		and removes the kernel object ->security fields.
	stacker.patch: adds the stacker module
	tasklookup.patch: adds the necessary tasklookup LSM hooks
		for testing bsdjail.
	bsdjail-full.patch: adds a bsdjail module rewritten to use
		this hash table

On request, I can also send out the dte and digsig versions which I
stacked on top of bsdjail in order to test this patch.

Feedback is much appreciated.

thanks,
-serge
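To make the three calls listed in the mail concrete, here is a user-space model of the per-object hash table, added as an illustration and not code from the attached patch; the entry layout, bucket count and hash function are assumptions, since the patch's internals are not quoted in the message. It keeps one value per (object, lsm_id) pair, which is what lets two stacked LSMs annotate the same object without a shared ->security field.

```c
/* Added example (not the patch's own code): a user-space model of the
 * (object pointer, lsm_id) -> data hash table the mail describes.
 * Names, bucket count and hash function are assumptions. */
#include <stdlib.h>
#include <stdint.h>
#define SEC_BUCKETS 64
struct sec_entry {
    void *obj;                  /* kernel object the value hangs off */
    int lsm_id;                 /* which stacked LSM owns the value */
    void *data;                 /* that LSM's private per-object state */
    struct sec_entry *next;
};
static struct sec_entry *sec_table[SEC_BUCKETS];
static unsigned sec_hash(const void *obj, int lsm_id)
{   /* drop alignment bits, mix in lsm_id so stacked LSMs spread out */
    return (unsigned)((((uintptr_t)obj >> 4) ^ ((uintptr_t)lsm_id * 0x9e3779b1u)) % SEC_BUCKETS);
}
/* Like security_set_value(): 0 on success, -1 if allocation fails.
 * A second set for the same (obj, lsm_id) replaces the stored pointer. */
int security_set_value(void *obj, int lsm_id, void *data, int gfp_flags)
{
    (void)gfp_flags;            /* no GFP_* in user space; malloc stands in */
    unsigned b = sec_hash(obj, lsm_id);
    struct sec_entry *e;
    for (e = sec_table[b]; e; e = e->next)
        if (e->obj == obj && e->lsm_id == lsm_id) { e->data = data; return 0; }
    if (!(e = malloc(sizeof *e))) return -1;
    e->obj = obj; e->lsm_id = lsm_id; e->data = data;
    e->next = sec_table[b]; sec_table[b] = e;
    return 0;
}
void *security_get_value(void *obj, int lsm_id)
{
    for (struct sec_entry *e = sec_table[sec_hash(obj, lsm_id)]; e; e = e->next)
        if (e->obj == obj && e->lsm_id == lsm_id) return e->data;
    return NULL;
}
/* Unlinks the entry and returns the stored pointer so the LSM can free it;
 * NULL if nothing was stored. Other LSMs' values on obj are untouched. */
void *security_del_value(void *obj, int lsm_id)
{
    for (struct sec_entry **pp = &sec_table[sec_hash(obj, lsm_id)]; *pp; pp = &(*pp)->next)
        if ((*pp)->obj == obj && (*pp)->lsm_id == lsm_id) {
            struct sec_entry *e = *pp; void *d = e->data;
            *pp = e->next; free(e); return d;
        }
    return NULL;
}
```

A real implementation would also need a lock around the buckets and a hook that drops every LSM's entry when the object itself is freed, otherwise stale entries leak or alias a recycled address.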

This archive was generated by hypermail 2.1.3 : Tue Oct 26 2004 - 15:08:42 PDT