I've been thinking about LSM stacker module these a few days. Sharing
the void *security between multiple secondary modules is tough, real tough.
The only problem that haunts me now is:
How to deal with the incore kernel object security data allocated by a
secondary module after unloading this module?
For tasks, I think we can do it this way:
/* assume the name of the secondary module that is being unloaded is aaa */
for_each_process(p) {
/* swap the p->security for aaa */
aaa_ops->task_free_security(p);
/* swap it back */
}
What do you think? And what about inodes, bprms and others?
Thanks!
hao
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
