Re: LSM root_plug module questions

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Chris Wright <chrisw@osdl.org>
To: "David Härdeman" <david@2gen.com>
Cc: linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: Re: LSM root_plug module questions
Date: Tue, 30 Aug 2005 14:55:18 -0700	[thread overview]
Message-ID: <20050830215518.GX7991@shell0.pdx.osdl.net> (raw)
In-Reply-To: <20050830213112.GA28997@hardeman.nu>

* David Härdeman (david@2gen.com) wrote:
> I'm currently playing around with the security/root_plug.c LSM module 
> and I have two questions:

you'll have better luck on the lsm list 

> 1) What's the recommended way of telling that someone is logging in to 
> the computer (via ssh, virtual console, serial console, X, whatever) 
> with LSM? Look for open() on /dev/pts?

logging in...this is really a userspace notion, so via PAM.  creating a
new process or changing credentials of a new process are the types of
things that lsm watches (and of course, opening of files).

> 2) root_plug currently scans the usb device tree looking for the 
> appropriate device each time it's needed. In the interest of making the 
> result of the lookup cached, it is possible for a module to register so 
> that it is notified when a usb device is added/removed?

I don't think that can be done in a race free manner.  Perhaps get the
device and check its state, but you'd have to ask usb folks.  ATM, it's
only checked during exec of root process.

next prev parent reply	other threads:[~2005-08-30 22:06 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-08-30 21:31 LSM root_plug module questions David Härdeman
2005-08-30 21:55 ` Chris Wright [this message]
2005-08-30 22:38   ` Crispin Cowan
2005-08-31  8:04   ` David Härdeman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050830215518.GX7991@shell0.pdx.osdl.net \
    --to=chrisw@osdl.org \
    --cc=david@2gen.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@wirex.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox