From: Oren Laadan <orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 2/4] cr: add generic LSM c/r support (v6)
Date: Tue, 20 Oct 2009 21:21:34 -0400 [thread overview]
Message-ID: <4ADE621E.2080603@librato.com> (raw)
In-Reply-To: <20091021011846.GA26728-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org):
>>
>> Serge E. Hallyn wrote:
>>> Quoting Oren Laadan (orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org):
>>>>> oct 19: At checkpoint, we insert the void* security into the
>>>>> objhash. The first time that we do so, we next write out
>>>>> the string representation of the context to the checkpoint
>>>>> image, along with the value of the objref for the void*
>>>>> security, and insert that into the objhash. Then at
>>>>> restart, when we read a LSM context, we read the objref
>>>>> which the void* security had at checkpoint, and we then
>>>>> insert the string context with that objref as well.
>>>> I hoped to see similar comment inlined in the code.
>>> If we're happy with this approach, then I will add good comments above
>>> security_checkpoint_obj and security_restore_obj, and above the objhash
>>> entries.
>> [...]
>>
>>>>> +/**
>>>>> + * security_checkpoint_obj - if first checkpoint of this void* security,
>>>>> + * then 1. ask the LSM for a string representing the context, 2. checkpoint
>>>>> + * that string
>>>>> + * @ctx: the checkpoint context
>>>>> + * @security: the void* security being checkpointed
>>>>> + * @sectype: indicates the type of object, because LSMs can (and do) store
>>>>> + * @secref: We return the objref here
>>>>> + * different types of data for different types of objects.
>>>>> + *
>>>>> + * Returns the objref of the checkpointed ckpt_lsm_string representing the
>>>>> + * context, or -error on error.
>>>>> + *
>>>>> + * This is only used at checkpoint of course.
>>>>> + */
>>>>> +int security_checkpoint_obj(struct ckpt_ctx *ctx, void *security,
>>>>> + int sectype, int *secref)
>>>> This function returns 0 for success or a negative error. It should
>>>> return the @secref instead of passing it by reference (see your
>>>> description of the return value above !)
>>>>
>>>> [...]
>>> Yes the comment is out of date but the API is imo an improvement.
>>> Note that SECURITY_CTX_NONE, -1, is a meaningful secref, and at
>>> the sametime -EPERM, -1, is conceivably a valid error code (though
>>> at the moment no lsm will return it).
>>>
>>> So I think overloading the secref with error codes is wrong here.
>> How about #define SECURITY_CTX_NONE 0 ?
>> it isn't a valid objref anyway.
>
> Ok, I thought we'd decided using 0 wasn't right for some reason, but
> I'll do that then.
An objref == 0 may have a special meaning when handled by restore_obj().
But here it's entirely private to security_{checkpoint/restart}_obj().
Oren.
next prev parent reply other threads:[~2009-10-21 1:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-19 14:43 [PATCH 1/4] add lsm name and lsm_info (policy header) to container info Serge E. Hallyn
[not found] ` <20091019144315.GA30535-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-19 14:43 ` [PATCH 2/4] cr: add generic LSM c/r support (v6) Serge E. Hallyn
[not found] ` <20091019144341.GA30566-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-19 18:13 ` Oren Laadan
[not found] ` <4ADCAC5B.9080205-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-19 19:02 ` Serge E. Hallyn
[not found] ` <20091019190227.GA7201-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-21 1:03 ` Oren Laadan
[not found] ` <4ADE5DEA.2000606-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-21 1:18 ` Serge E. Hallyn
[not found] ` <20091021011846.GA26728-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-21 1:21 ` Oren Laadan [this message]
[not found] ` <4ADE621E.2080603-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-21 5:01 ` Serge E. Hallyn
2009-10-20 1:16 ` Serge E. Hallyn
2009-10-19 14:44 ` [PATCH user-cr] restart: accept the lsm_name field in header and add -k flag (v2) Serge E. Hallyn
2009-10-19 14:44 ` [PATCH 3/4] cr: add smack support to lsm c/r (v6) Serge E. Hallyn
2009-10-19 14:44 ` [PATCH 4/4] cr: add selinux support (v6) Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4ADE621E.2080603@librato.com \
--to=orenl-rdfvbdnroixbdgjk7y7tuq@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox