KaiGai Kohei wrote:
> Folks,
>
> Now we have a few approaches to support SELinux.
> Which one is preferable to get upstreamed?
>
> 1. The idea of mpm_security
>    It spawns a new process for each connection. It gives third-party modules
>    a chance to assign appropriate privileges prior to invocation of the
>    handler.
>    MERIT:
>    - It can be good news for other modules which intend to do similar things,
>      such as virtual-host level privileges and so on.
>
>    DEMERIT:
>    - It requires us to maintain an original MPM, although most of them are
>      derived from another one (prefork?).
>
> 2. The idea of mod_selinux
>    It overrides the process_connection hook, and spawns a new worker thread
>    (or process). The worker goes into the hook again, then the module assigns
>    an appropriate privilege prior to invocation of the handler.
>    MERIT:
>    - Its code size is quite a bit smaller than the first approach.
>      About 70 lines of code are enough to spawn a one-time thread.
>
>      http://code.google.com/p/sepgsql/source/browse/misc/mod_selinux/mod_selinux.c#267
>
>    DEMERIT:
>    - Needless to say, it is not good news for other modules.
Here, we may be able to have an idea which applies a hybrid approach.

The above two ideas each have their merits and demerits. However, I noticed
these demerits can be cancelled as follows:

3. The hybrid idea
   In this idea, we need to provide two modules.

   The one overrides the process_connection hook, and it spawns a new worker
   process for each connection. The worker process will be killed just after
   completion of the request handling, and the parent just waits for it.
   The worker process is always a one-time entity, so other (security)
   modules can assign more restrictive privileges on the working context
   itself. (Because it will exit later, it has no side-effect.)

   The other module implements the SELinux specific part. It can assign more
   restrictive privileges before invocation of the contents handler.
   Needless to say, it can be used for other security stuff.

   MERIT:
   - This idea can be used for other operating systems and security stuff,
     not only SELinux.
   - We can maintain the module more easily than a whole new MPM.

Now I have come to believe the third hybrid idea is more preferable.

I would like to see any other opinions.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <[email protected]>
