From: Oren Laadan <orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 2/4] cr: add generic LSM c/r support (v6)
Date: Tue, 20 Oct 2009 21:03:38 -0400 [thread overview]
Message-ID: <4ADE5DEA.2000606@librato.com> (raw)
In-Reply-To: <20091019190227.GA7201-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org):
>>> oct 19: At checkpoint, we insert the void* security into the
>>> objhash. The first time that we do so, we next write out
>>> the string representation of the context to the checkpoint
>>> image, along with the value of the objref for the void*
>>> security, and insert that into the objhash. Then at
>>> restart, when we read a LSM context, we read the objref
>>> which the void* security had at checkpoint, and we then
>>> insert the string context with that objref as well.
>> I hoped to see similar comment inlined in the code.
>
> If we're happy with this approach, then I will add good comments above
> security_checkpoint_obj and security_restore_obj, and above the objhash
> entries.
[...]
>>> +/**
>>> + * security_checkpoint_obj - if first checkpoint of this void* security,
>>> + * then 1. ask the LSM for a string representing the context, 2. checkpoint
>>> + * that string
>>> + * @ctx: the checkpoint context
>>> + * @security: the void* security being checkpointed
>>> + * @sectype: indicates the type of object, because LSMs can (and do) store
>>> + * @secref: We return the objref here
>>> + * different types of data for different types of objects.
>>> + *
>>> + * Returns the objref of the checkpointed ckpt_lsm_string representing the
>>> + * context, or -error on error.
>>> + *
>>> + * This is only used at checkpoint of course.
>>> + */
>>> +int security_checkpoint_obj(struct ckpt_ctx *ctx, void *security,
>>> + int sectype, int *secref)
>> This function returns 0 for success or a negative error. It should
>> return the @secref instead of passing it by reference (see your
>> description of the return value above !)
>>
>> [...]
>
> Yes the comment is out of date but the API is imo an improvement.
> Note that SECURITY_CTX_NONE, -1, is a meaningful secref, and at
> the sametime -EPERM, -1, is conceivably a valid error code (though
> at the moment no lsm will return it).
>
> So I think overloading the secref with error codes is wrong here.
How about #define SECURITY_CTX_NONE 0 ?
it isn't a valid objref anyway.
[...]
Oren.
next prev parent reply other threads:[~2009-10-21 1:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-19 14:43 [PATCH 1/4] add lsm name and lsm_info (policy header) to container info Serge E. Hallyn
[not found] ` <20091019144315.GA30535-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-19 14:43 ` [PATCH 2/4] cr: add generic LSM c/r support (v6) Serge E. Hallyn
[not found] ` <20091019144341.GA30566-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-19 18:13 ` Oren Laadan
[not found] ` <4ADCAC5B.9080205-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-19 19:02 ` Serge E. Hallyn
[not found] ` <20091019190227.GA7201-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-21 1:03 ` Oren Laadan [this message]
[not found] ` <4ADE5DEA.2000606-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-21 1:18 ` Serge E. Hallyn
[not found] ` <20091021011846.GA26728-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-21 1:21 ` Oren Laadan
[not found] ` <4ADE621E.2080603-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-21 5:01 ` Serge E. Hallyn
2009-10-20 1:16 ` Serge E. Hallyn
2009-10-19 14:44 ` [PATCH user-cr] restart: accept the lsm_name field in header and add -k flag (v2) Serge E. Hallyn
2009-10-19 14:44 ` [PATCH 3/4] cr: add smack support to lsm c/r (v6) Serge E. Hallyn
2009-10-19 14:44 ` [PATCH 4/4] cr: add selinux support (v6) Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4ADE5DEA.2000606@librato.com \
--to=orenl-rdfvbdnroixbdgjk7y7tuq@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.