On Mon, 2007-02-05 at 17:04 +0800, Ian jonhson wrote: > > what is the value of errno? All that the return > > of -1 indicates is that there was an error. To > > determine what the error was you need to look > > at the global errno. > > > > > > Yes, I have checked the global errno, the -1 is -EPERM. That means > that I have no permission to write according the codes. > > > > It's not clear to me if your problem is with > > the call to open or to write. If the call to > > write is your problem you need the errno value > > to go further. > > > > > > I have checked the running trace and find that I have opened the file > successfully but the write operation return the -1 to me. Therefore, I > think that the error occur in the write operation. What about you?
(1) Think twice about using a binary struct in your /proc/self/attr API, much less one whose size is not fixed. (2) The return code from the write is not the same thing as the errno value, and the errno value wouldn't be negative in userspace. After the write() call, call perror() to print the human-readable error message for the errno value. (3) Does your security module implement a setprocattr hook, include it in its security_operations struct, and register itself? (4) Did you remember to disable all other security modules, either in your kernel config or at boot via command line options, so that they don't grab the security_ops before your module can do so? -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
