On Tue, 2005-02-01 at 09:33, Stephen Smalley wrote: > The structure allocated upon the alloc_security could be just a trivial > container structure with a pointer to the real structure to be filled in > later upon the exec, so that you don't have to manipulate the chain of > security objects at that time. Module removal has plenty of other > safety issues already, doesn't it? Of course, the container structure would also need to have some kind of synchronization primitive, e.g. a semaphore, that can be initialized upon alloc_security and used by later hooks, so that you can then synchronize attempts to allocate the real structure and set the pointer to it upon other hooks like inode_permission. Somewhat similar to what SELinux already does when setting up the content of the already allocated inode security structure from d_instantiate. -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2.1.3 : Wed Feb 02 2005 - 06:14:27 PST