On Wed, Oct 23, 2002 at 10:27:27AM -0400, Stephen Smalley wrote:
> On Wed, 23 Oct 2002, Stephen C. Tweedie wrote:
> > setfsuid() creates credentials which are _only_ applied to file
> > operations. The namespace happens to be the same one that applies to
> > processes, but there's nothing that requires that to be the case
> Would we need a separate call for setting the SIDs to use for each
> "namespace", i.e. fs (for open, mkdir, mknod, and symlink calls), IPC
> (for semget, msgget, and shmget calls), process (for execve calls), and
> socket (for socket, connect, listen, sendmsg, and sendto calls, requiring
> two SIDs for send*)?
The BSD socket API already has a clean and extensible way of dealing
with multiple namespaces, so there's plenty of precedent about how to
do this without requiring multiple syscalls.
> While your approach would work for calls that take input SID parameters,
> what about the various calls that return SIDs either directly or via
> output SID parameters, e.g. extended forms of *stat, msgrcv, recvmsg,
> getpeername/accept plus new calls like (sem|shm|msg)sid and getsecsid?
Good question --- what is the reason you need these, and are other
security modules likely to need similar functionality? If so, there's
an argument for new syscalls which take a credentials/sid area as a
return argument.
--Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/