
Re: [Dazuko-devel] spinlocks, userspace?


From: John Ogness
Subject: Re: [Dazuko-devel] spinlocks, userspace?
Date: Thu, 23 Dec 2004 09:46:44 +0100
User-agent: Mozilla Thunderbird 0.9 (X11/20041114)

bert hubert wrote:
> However, in thinking up my own dazuko, I was told that some LSM hooks are
> under spinlock, which makes it impossible to call down to userspace to get
> its opinion on allowing access or not.
>
> This would not be a problem on uniprocessor builds though. Did you solve
> this problem? Or are my friends wrong about the spinlocks?

Hi,

This is interesting. I was not aware of this either. Dazuko uses only the inode_permission() hook. Unfortunately I do not have an SMP machine to try this out.


> Also, for performance reasons I was considering a kernel-side cache of
> decisions, which could be invalidated from userspace. This is only useful if
> there are only static rules of course.

RSBAC [1] includes Dazuko and also offers this feature. It would work well for anti-virus scanners, but for other applications such as loggers it probably would not be good. RSBAC implemented this by remembering the state of files and the decision that was made. As long as the file has not changed in any way, the decision always remains the same. Once the file has changed, the userspace application is asked again.

 [1] http://www.rsbac.org


> Thanks for your time and answers. I hope to work with dazuko to implement
> some of my ideas.

Great! We welcome fresh ideas (and help)!

John

--
Dazuko Maintainer
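
Added example, not part of the mail above and not Dazuko or RSBAC code: a user-space sketch of the decision cache discussed in the thread, which reuses a verdict while the file's state is unchanged and asks the scanner again once it changes. Using stat() identity, size, mtime and ctime as the change signal is an assumption (the mail does not say how RSBAC detects changes), and check_access, demo_scan and cache_invalidate_all are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define SLOTS 256
struct entry { int used, allow; struct stat st; };  /* verdict + file state it was made for */
static struct entry cache[SLOTS];
unsigned long scanner_calls;                         /* times "userspace" was asked */

/* Assumed change signal: identity, size, mtime and ctime as reported by stat(). */
static int same_state(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino &&
           a->st_size == b->st_size &&
           a->st_mtim.tv_sec == b->st_mtim.tv_sec &&
           a->st_mtim.tv_nsec == b->st_mtim.tv_nsec &&
           a->st_ctim.tv_sec == b->st_ctim.tv_sec &&
           a->st_ctim.tv_nsec == b->st_ctim.tv_nsec;
}

/* Hypothetical scanner: denies a file whose first 255 bytes contain "EVIL". */
int demo_scan(const char *path)
{
    char buf[256];
    FILE *f = fopen(path, "r");
    if (!f) return 0;                                /* unreadable: deny */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    return strstr(buf, "EVIL") == NULL;
}

/* Returns 1 = allow, 0 = deny, -1 = cannot stat (caller should deny). */
int check_access(const char *path, int (*scan)(const char *))
{
    struct stat before, after;
    if (stat(path, &before) != 0) return -1;
    unsigned long h = (unsigned long)before.st_dev ^ (unsigned long)before.st_ino;
    struct entry *e = &cache[h % SLOTS];
    if (e->used && same_state(&e->st, &before)) return e->allow;  /* unchanged: reuse */
    scanner_calls++;
    int allow = scan(path);
    /* Keep the verdict only if the file did not change while it was scanned. */
    e->used = stat(path, &after) == 0 && same_state(&before, &after);
    e->allow = allow;
    e->st = before;
    return allow;
}

/* Invalidation requested from userspace, as proposed in the quoted text. */
void cache_invalidate_all(void) { memset(cache, 0, sizeof cache); }
```

ctime is compared as well as mtime because a file's owner can set mtime back with utimes(), while ctime is updated by the kernel on every such change.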



