Re: [PATCH] Filesystem linking protections

From: Valdis . Kletnieks
Date: Mon Feb 07 2005 - 17:14:39 EST

Next message: Olivier Galibert: "Irix NFS server usual problem"
Previous message: George Anzinger: "Re: [PATCH] Dynamic tick, version 050127-1"
In reply to: Lorenzo Hernández García-Hierro: "Re: [PATCH] Filesystem linking protections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 07 Feb 2005 23:00:33 +0100, Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= said:

> A sysctl can be a good option, creating a CTL_SECURITY and then
> registering stuff under it, but this requires to have the kernel hackers
> agree with implementing a new security suite and such.
> In short, re-inventing the wheel.

No, you can do this from within an LSM and the kernel hackers don't have to deal
with it....

(tech note - don't call register_sysctl_table() from within a security_initcall().
Use a separate __initcall() that gets called later - security_initcall() happens
before the kernel has the sysctl infrastructure in place. Guess how I know that? ;)

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Olivier Galibert: "Irix NFS server usual problem"
Previous message: George Anzinger: "Re: [PATCH] Dynamic tick, version 050127-1"
In reply to: Lorenzo Hernández García-Hierro: "Re: [PATCH] Filesystem linking protections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]