(1) Think twice about using a binary struct in your /proc/self/attr API,
much less one whose size is not fixed.
(2) The return code from the write is not the same thing as the errno
value, and the errno value wouldn't be negative in userspace.  After the
write() call, call perror() to print the human-readable error message
for the errno value.

Yes, I have done these using the following code:

      sprintf(path, "/proc/self/attr/current");
      fd = open(path, O_WRONLY);
      if (fd != -1) {
              rc = write(fd, &my_struct, sizeof(mystruct));
              if (rc == -1)
                      perror("write failed due to");
              RETVAL = rc;
              close(fd);
              printf(" fd is ok,errno:%d\n", -errno);
      } else {
              RETVAL = -errno;
              printf("fd is not ok\n");
      }
      return RETVAL;

After running the code above, I got the output message:

write failed due to: Invalid argument
fd is ok, errno:-29




(3) Does your security module implement a setprocattr hook, include it
in its security_operations struct, and register itself?

Surely, I have implemented the code in setprocattr/getprocattr and
registered them. The code is similar to SELinux's, but the
void* data transfers to my_struct.


(4) Did you remember to disable all other security modules, either in
your kernel config or at boot via command line options, so that they
don't grab the security_ops before your module can do so?


Of course. If I did not disable all other security modules, I could not
insmod my LSM module and run it.

I just want to know why I cannot set attr information on task_struct
as simply as SELinux does. Where is the error? If the operations that do
this work were easier to use, LSM would be more popular, I think.

However, thank you very much for discussing my error freely.

Best Regards,

Ian
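
As an added example (not code from this thread): a userspace helper that snapshots errno immediately after the failing call and reports it as a positive value, since later calls such as perror(), close() or printf() may overwrite errno before it is printed. The helper name write_attr, the text label written in main() and the mapping of a short write to EIO are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): write buf to an attr file.
 * Returns 0 on success, or a positive errno value captured right after
 * the failing call, before any other libc call can overwrite errno. */
int write_attr(const char *path, const void *buf, size_t len)
{
    int fd = open(path, O_WRONLY);
    if (fd == -1)
        return errno;                    /* open() failed: errno is fresh */

    ssize_t rc = write(fd, buf, len);
    int saved = (rc == -1) ? errno : 0;  /* snapshot before close()/stdio */
    close(fd);                           /* may set errno; ignored here */

    if (rc != -1 && (size_t)rc != len)
        return EIO;                      /* assumption: short write = error */
    return saved;
}

int main(void)
{
    /* Constructed sample value: a text label rather than a binary struct. */
    const char label[] = "example_label";
    int err = write_attr("/proc/self/attr/current", label, strlen(label));

    if (err)
        fprintf(stderr, "write failed: %s (errno %d)\n", strerror(err), err);
    else
        puts("attribute written");
    return err ? 1 : 0;
}
```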