From: | John Ogness |
Subject: | Re: [Dazuko-devel] spinlocks, userspace? |
Date: | Thu, 23 Dec 2004 09:46:44 +0100 |
User-agent: | Mozilla Thunderbird 0.9 (X11/20041114) |
bert hubert wrote:
> However, in thinking up my own dazuko, I was told that some LSM hooks are under spinlock, which makes it impossible to call down to userspace to get its opinion on allowing access or not. This would not be a problem on uniprocessor builds though. Did you solve this problem? Or are my friends wrong about the spinlocks?

Hi,

This is interesting. I was not aware of this either. Dazuko uses only the inode_permission() hook. Unfortunately I do not have an SMP machine to try this out.

> Also, for performance reasons I was considering a kernel-side cache of decisions, which could be invalidated from userspace. This is only useful if there are only static rules of course.

[1]RSBAC includes Dazuko and also offers this feature. It would work well for anti-virus scanners, but for other applications such as loggers it probably would not be good. RSBAC implemented this by remembering the state of files and the decision that was made. As long as the file has not changed in any way, the decision always remains the same. Once the file has changed, the userspace application is asked again.

[1] http://www.rsbac.org

> Thanks for your time and answers. I hope to work with dazuko to implement some of my ideas.

Great! We welcome fresh ideas (and help)!

John -- Dazuko Maintainer
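The decision cache described in the reply above, as an added example that is not part of the original message and is not RSBAC or Dazuko code: a userspace C model that remembers a file's state together with the decision made for it, and asks the scanner again only once that state has changed. The names `check_access` and `ask_scanner`, the slot count and the toy size-based policy are assumptions made for illustration.

```c
/* Userspace model of a decision cache (added example, not RSBAC/Dazuko code). */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#define CACHE_SLOTS 64
enum verdict { DENY = 0, ALLOW = 1 };

struct entry {               /* remembered file state plus the decision made */
    int used;
    dev_t dev; ino_t ino;    /* file identity */
    off_t size; time_t mt, ct;
    enum verdict v;
};
static struct entry cache[CACHE_SLOTS];
static unsigned long scanner_calls;   /* how often "userspace" was asked */

/* Hypothetical stand-in for the userspace application's answer. */
static enum verdict ask_scanner(const struct stat *st)
{
    scanner_calls++;
    return st->st_size < 16 ? ALLOW : DENY;   /* constructed toy policy */
}

/* Second-granularity timestamps: a same-size rewrite inside one second is
 * not noticed by this model, so size is compared as well. */
static int unchanged(const struct entry *e, const struct stat *st)
{
    return e->used && e->dev == st->st_dev && e->ino == st->st_ino &&
           e->size == st->st_size && e->mt == st->st_mtime &&
           e->ct == st->st_ctime;
}

/* Returns ALLOW or DENY, or -1 if the file cannot be examined; callers
 * should treat -1 as a denial. */
int check_access(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    struct entry *e = &cache[((unsigned long)st.st_ino ^ (unsigned long)st.st_dev) % CACHE_SLOTS];
    if (unchanged(e, &st))
        return e->v;                  /* file unchanged: reuse the decision */
    e->used = 1; e->dev = st.st_dev; e->ino = st.st_ino;
    e->size = st.st_size; e->mt = st.st_mtime; e->ct = st.st_ctime;
    e->v = ask_scanner(&st);          /* file new or changed: ask again */
    return e->v;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], check_access(argv[i]));
    return 0;
}
```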