Re: LSM root_plug module questions

[Chris Wright]

* David Härdeman (david@xxxxxxxx) wrote:
> I'm currently playing around with the security/root_plug.c LSM module 
> and I have two questions:

you'll have better luck on the lsm list 

> 1) What's the recommended way of telling that someone is logging in to 
> the computer (via ssh, virtual console, serial console, X, whatever) 
> with LSM? Look for open() on /dev/pts?

logging in...this is really a userspace notion, so via PAM.  creating a
new process or changing credentials of a new process are the types of
things that lsm watches (and of course, opening of files).

> 2) root_plug currently scans the usb device tree looking for the 
> appropriate device each time it's needed. In the interest of making the 
> result of the lookup cached, it is possible for a module to register so 
> that it is notified when a usb device is added/removed?

I don't think that can be done in a race free manner.  Perhaps get the
device and check its state, but you'd have to ask usb folks.  ATM, it's
only checked during exec of root process.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/