Hello. James Morris wrote: > Why do you need racy unlocked versions, in addition to the existing > security_task_kill() hook which is called safely via > check_kill_permission() ?
TOMOYO Linux provides "delayed enforcing mode" which allows administrator judge interactively for requests that violated policy. Sometimes, especially after updating software packages, irregular behavior arise. So, the administrator prepares for such irregular behavior by invoking "ccs-queryd" userland program. The "ccs-queryd" prints the contents of policy violation and asks the administrator whether to grant the request that violated policy. This can reduce the possibility of "restarting process failed due to permission denied". Thus, security_task_kill() which is called with tasklist_lock held is not what TOMOYO Linux wants. I know this approach is racy, but TOMOYO Linux wants these unlocked versions to avoid failure due to permission denial caused by MAC's policy. Regards. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
