Re: Question about security system call in LSM ?

From: Kristian Sørensen (ks@private)
Date: Mon Mar 14 2005 - 00:10:46 PST


On Monday 14 March 2005 03:59, Seth Arnold wrote:
> On Fri, Mar 11, 2005 at 05:17:23AM -0800, Park Lee wrote:
> >   But, as we know, sys_security was rejected by the
> > Linux mainline kernel. Then, is there any other
> > security system call that is provided for
> > security-aware applications in LSM?  Or does LSM
> > still use the general security system call?
We maintained a system call (our own) for the Umbrella Project for a long 
time. It is certainly not recommended. The patch needs reworking for almost 
every new release of the vanilla Linux kernel.

> The general security system call is not available in kernels deployed
> by users.
> In lieu of this system call, you (as an LSM implementer) have several
> options for userland<->kernel communication:
>   o  /proc/*/attr/*
>   o  making your own /proc/ files (not recommended)
Why not? It is simple, effective and transparent :-)

You mention that sysfs is the way to go. What is the real difference between 
sysfs and procfs?

Cheers, Kristian.

Kristian Sørensen
- The Umbrella Project  --  Security for Consumer Electronics

E-mail: ipqw@private, Phone: +45 29723816
