[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-security-module
Subject:    Re: Question about security system call in LSM ?
From:       Kristian =?iso-8859-1?q?S=F8rensen?= <ks () cs ! aau ! dk>
Date:       2005-03-14 8:10:46
Message-ID: 200503140910.46389.ks () cs ! aau ! dk
[Download RAW message or body]

Hi

On Monday 14 March 2005 03:59, Seth Arnold wrote:
> On Fri, Mar 11, 2005 at 05:17:23AM -0800, Park Lee wrote:
> >   But, as we know, sys_security was rejected by the
> > Linux mainline kernel. then, Is there any other
> > security system call that is provided for
> > security-aware applications in LSM?  or, Does LSM
> > still use the general security system call?
We maintained a system call (our own) for the Umbrella Project for a long 
time. It is certainly not recommended. The patch needs reworking for almost 
every new release of the vanilla Linux kernel.

>
> The general security system call is not available in kernels deployed
> by users.
>
> In lieu of this system call, you (as an LSM implementer) have several
> options for userland<->kernel communication:
>
>   o  /proc/*/attr/*
>   o  making your own /proc/ files (not recommended)
Why not? It is simple, effective and transparent :-)

You mention that sysfs is the way to go. What is the real difference between 
sysfs and procfs?
 

Cheers, Kristian.


-- 
Kristian Sørensen
- The Umbrella Project  --  Security for Consumer Electronics
  http://umbrella.sourceforge.net

E-mail: ipqw@users.sf.net, Phone: +45 29723816

[prev in list] [next in list] [prev in thread] [next in thread]