Re: Question about security system call in LSM ?

From: Seth Arnold (sarnold@private)
Date: Sun Mar 13 2005 - 18:59:31 PST


On Fri, Mar 11, 2005 at 05:17:23AM -0800, Park Lee wrote:
>   But, as we know, sys_security was rejected by the
> Linux mainline kernel. Then, is there any other
> security system call that is provided for
> security-aware applications in LSM? Or, does LSM
> still use the general security system call?

The general security system call is not available in kernels deployed
by users.

In lieu of this system call, you (as an LSM implementer) have several
options for userland<->kernel communication:

  o  /proc/*/attr/*
  o  making your own /proc/ files (not recommended)
  o  making your own character device file (probably a colossal pain in
     the face of devfs and udev)
  o  using sysctl
  o  using sysfs
  o  writing your own filesystem
  o  using netlink

If you can use sysfs alone, that is probably the most Linuxish way of
getting it done; however, if sysfs's design doesn't match your needs,
then I think the next best way is to write your own filesystem.

Have fun :)

This archive was generated by hypermail 2.1.3 : Sun Mar 13 2005 - 19:23:49 PST