Re: Out of tree module using LSM

[email protected] wrote on 28/11/2007 17:39:56:

> On Wed, 28 Nov 2007 16:46:13 +0000
> Christoph Hellwig <[email protected]> wrote:
> 
> > On Wed, Nov 28, 2007 at 08:38:43AM -0800, Casey Schaufler wrote:
> > > Would you like to expound on that, or do you feel your claws
> > > are sharp enough already?
> > 
> > Just take a look at code.
> > 
> 
> The module in question hooks to the syscall table which is not
> acceptable.  Including dumpster diving through symbol table to
> find the syscall table since it is no longer exported.

That is not completely true.

As I said in the second part of my original email (that part Christoph 
deleted so please read it whole) I would prefer not to discuss all the 
ugly things some parts of our code do because they are irrelevant to the 
LSM discussion. But I still feel some extra explanation might be needed.

Talpa is modular itself being composed of a set of kernel modules of which 
not all are loaded simultaneously. Where possible LSM can be used and _no_ 
messing with syscall table will take place. Unfortunately where another 
LSM user is present that won't work and another solution had to be found. 
Also that drags history from 2.4 where that was the only solution.

So as there is no question the current code does some ugly things it is 
even more true that we would be even more happy to use an official API. 
LSM was that and we were happily using it which we won't be able to do if 
it abruptly goes away. Yes it is not a perfect match but until it is 
modified to be better, or until something appropriate is designed and 
implemented, it would be very nice if it could stay.

-- 
Tvrtko August Ursulin
Senior Software Engineer, Sophos

Tel: 01235 559933
Web: www.sophos.com
Protecting business against viruses, spyware, spam and policy abuse


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: Out of tree module using LSM
    • From: Jan Engelhardt <[email protected]>
  • Re: Out of tree module using LSM
    • From: James Morris <[email protected]>
  • Re: Out of tree module using LSM
    • From: Alan Cox <[email protected]>

• References:
  • Re: Out of tree module using LSM
    • From: Stephen Hemminger <[email protected]>

• Prev by Date: Re: [PATCH] kexec: force x86_64 arches to boot kdump kernels on boot cpu
• Next by Date: Re: "hwcap 0 nosegneg" doesnt work with paravirt_ops xen as of 2.6.23.9
• Previous by thread: Re: Out of tree module using LSM
• Next by thread: Re: Out of tree module using LSM
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]