Stephen Smalley wrote:
On Tue, 2007-08-07 at 16:11 +0800, Cliffe wrote:
...
Don't confuse kernel stack limitation with the ability to dynamically
allocate memory in the kernel.
How large is your policy? I'm guessing that SELinux reference policy is
larger, e.g. from /proc/slabinfo:
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs>
<num_slabs> <sharedavail> : globalstat <listallocs> <maxobjs> <grown> <reaped> <error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow> : cpustat
<allochit> <allocmiss> <freehit> <freemiss>
avtab_node 261133 261188 40 92 1 : tunables 32 16 8 :
slabdata 2839 2839 0 : globalstat 261144 261144 2839 0
0 0 0 0 0 : cpustat 244102 17031 0 0
Thanks Stephen, for clearing up that misunderstanding.
...
I also have a related question: my policy includes the option to specify
allowed one-way-hashes (such as SHA-1) of a binary. How can I (and am I
allowed to) pull this information (the hash of a specified binary) from
my user-space daemon?
...
Cheers,
Cliffe.
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
