Re: Integrating securelevel and kauth(9)
From: David Laight (david l8s.co.uk)
Date: Fri Mar 24 2006 - 13:08:02 CST
On Fri, Mar 24, 2006 at 06:42:53PM +0000, Christos Zoulas wrote:
>
> So under the proposal the old "securelevel" variable will map into a
> list of "capabilities" something like:
>
> old                  new
> --------------------------------------------------------------------------
> securelevel == -1    mask with all the capabilities allowed
> securelevel == 0     mask with some capabilities allowed
> securelevel == 1     mask with fewer capabilities allowed
> securelevel == 2     mask with no capabilities allowed
>
> If we assume that we are currently running at securelevel 1, and
> we add or remove a capability, we'll be in a situation where the
> securelevel variable will still be 1 but this will not match
> the original level 1 mask.
>
> What does it mean to change the securelevel after that? Do we even
> allow it? Do we have a setting for securelevel that means "custom"?
> I think if we need a "custom" securelevel value then we'll need to
> involve a third variable to indicate this so that LKM's still work.

For compatibility with old LKM (and driver code) I'd suggest that
we'd have the constants MASK_0, MASK_1 and MASK_2 (MASK_-1 is zero).
Whenever the new mask is changed we could do:

	if (mask & MASK_2)
		securelevel = 2;
	else if (mask & MASK_1)
		securelevel = 1;
	else if (mask & MASK_0)
		securelevel = 0;
	else
		securelevel = -1;

Then code that checks (securelevel > n) will still error out whenever
it should - although a check of the mask itself might allow the request.

David
--
David Laight: david l8s.co.uk
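
[Added example, not part of the original message or of NetBSD code: the if-chain above applied to a customised mask, showing an old-style (securelevel > n) check refusing a request that a check of the mask itself allows. Assumptions: a set bit denies an operation, MASK_n holds the restrictions level n adds over level n-1, and the R_* bit names and the helper function names are hypothetical.]

```c
#include <stdio.h>

/* Constructed restriction bits (a set bit denies the operation). The
 * assignment of bits to levels is an assumption, not NetBSD's. */
#define R_RAW_DISK   (1u << 0)
#define R_LOAD_LKM   (1u << 1)
#define R_KMEM_WRITE (1u << 2)
#define R_FW_RULES   (1u << 3)

/* Assumed: MASK_n = the restrictions level n adds over level n-1. */
#define MASK_0 (R_RAW_DISK)
#define MASK_1 (R_LOAD_LKM | R_KMEM_WRITE)
#define MASK_2 (R_FW_RULES)

/* The if-chain from the message: report the highest level that has
 * any of its restrictions present in the mask. */
int securelevel_from_mask(unsigned mask)
{
    if (mask & MASK_2) return 2;
    if (mask & MASK_1) return 1;
    if (mask & MASK_0) return 0;
    return -1;
}

/* Old LKM/driver style check: refuse when securelevel > n. */
int legacy_denies(int securelevel, int n) { return securelevel > n; }

/* New style check: refuse only if this operation's bit is set. */
int mask_denies(unsigned mask, unsigned op) { return (mask & op) != 0; }

int main(void)
{
    /* Custom mask: level 1 minus the LKM restriction, plus one level 2 bit. */
    unsigned custom = MASK_0 | R_KMEM_WRITE | R_FW_RULES;
    int level = securelevel_from_mask(custom);

    printf("custom mask 0x%x -> securelevel %d\n", custom, level);
    printf("legacy (securelevel > 0) denies LKM load: %d\n", legacy_denies(level, 0));
    printf("mask check denies LKM load:               %d\n", mask_denies(custom, R_LOAD_LKM));
    printf("mask check denies kmem write:             %d\n", mask_denies(custom, R_KMEM_WRITE));
    return 0;
}
```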