From: "Z. Cliffe Schreuders" <c.schreuders@murdoch.edu.au>
To: casey@schaufler-ca.com
Cc: Jan Engelhardt <jengelh@computergmbh.de>, linux-kernel@vger.kernel.org
Subject: Re: Including STRTOK_R in a LSM
Date: Mon, 16 Jul 2007 22:43:09 +0800 [thread overview]
Message-ID: <469B83FD.8080409@murdoch.edu.au> (raw)
In-Reply-To: <214530.36096.qm@web36609.mail.mud.yahoo.com>
Casey Schaufler wrote:
> --- "Z. Cliffe Schreuders" <c.schreuders@murdoch.edu.au> wrote:
>
>
>> What I need is to ignore double delimiters such as (::). This can be
>> done trivially with a string comparison to check for "\0". What I want
>> to know is if it is ok to include the strtok_r code in my security
>> module, or if strtok was removed for a very good reason. I am porting a
>> lot of existing code which already uses strtok_r to a kernel security
>> module.
>>
>
> All over the Linux world little red flags are popping up.
>
> Text processing of the sort that requires token parsing is rare
> in the kinds of things the kernel is usually called upon to do.
> You did mention, and someone else demonstrated, that there are
> existing alternatives that you could adopt. Cluttering the kernel
> with duplicate functionality is strongly discouraged.
>
Thanks Casey,
I plan to pass simple lines of policy from user-space into kernel
functions which use this information to build the internal
representation of policy.
I had started writing these functions in user-space (to save time :\)
and stupidly did not check that strtok_r was available from within the
kernel (I thought string.h would include it). Anyway, so now I have a
rewrite on my hands (unless I just include the strtok_r code). All part
of the learning process I guess.
> As far as porting existing code into the kernel goes, be sure to
> have a look at the official coding style before you show what you've
> done to anyone.
Will do.
> If you're porting "a lot" of code (Use SELinux as a
> benchmark for an LSM. If you're bigger than that you have "a lot"
> of code) you may also be putting too much into the kernel.
It is not a lot in comparison to SELinux.
Thanks,
Cliffe.
next prev parent reply other threads:[~2007-07-16 14:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-16 8:52 Including STRTOK_R in a LSM Z. Cliffe Schreuders
2007-07-16 10:16 ` Jan Engelhardt
2007-07-16 12:19 ` Z. Cliffe Schreuders
2007-07-16 13:34 ` Casey Schaufler
2007-07-16 14:43 ` Z. Cliffe Schreuders [this message]
2009-03-16 14:03 ` Getting the port numbers and IP address from struct socket Cliffe
2009-03-16 13:58 ` Matthias Kaehlcke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=469B83FD.8080409@murdoch.edu.au \
--to=c.schreuders@murdoch.edu.au \
--cc=casey@schaufler-ca.com \
--cc=jengelh@computergmbh.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox