Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1030380AbWHXQnq (ORCPT ); Thu, 24 Aug 2006 12:43:46 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1030378AbWHXQnq (ORCPT ); Thu, 24 Aug 2006 12:43:46 -0400 Received: from outpipe-village-512-1.bc.nu ([81.2.110.250]:11985 "EHLO lxorguk.ukuu.org.uk") by vger.kernel.org with ESMTP id S1030377AbWHXQnp (ORCPT ); Thu, 24 Aug 2006 12:43:45 -0400 Subject: Re: [PATCH 3/7] SLIM main patch From: Alan Cox To: "Serge E. Hallyn" Cc: kjhall@us.ibm.com, Benjamin LaHaise , linux-kernel , LSM ML , David Safford , Mimi Zohar In-Reply-To: <20060824152322.GD32764@sergelap.austin.ibm.com> References: <1156359937.6720.66.camel@localhost.localdomain> <20060823192733.GG28594@kvack.org> <1156365357.6720.87.camel@localhost.localdomain> <1156418815.3007.89.camel@localhost.localdomain> <20060824133248.GC15680@sergelap.austin.ibm.com> <1156428917.3007.150.camel@localhost.localdomain> <20060824152322.GD32764@sergelap.austin.ibm.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit Date: Thu, 24 Aug 2006 18:05:13 +0100 Message-Id: <1156439113.3007.170.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.6.2 (2.6.2-1.fc5.5) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1498 Lines: 35 Ar Iau, 2006-08-24 am 10:23 -0500, ysgrifennodd Serge E. Hallyn: > Or will the page associated with the tty already have the data, and this > really just needs to be fixed in the tty itself? It is a matter of the timing and the device. You need to do revocation at the device level because your security state change must occur after the devices have all been dealt with. This is why I said you need the core of revoke() to do this. Patches like the one below are really trying to wallpaper over the cracks in an implementation that doesn't work. The moment you replace that part of the implementation with a proper revocation method that waits for resources to be safe then it all works. The security model is fine, the implementation is hitting the same revocation feature wall as others. > permission from a vma_area_struct. This can be used, for example, > by security modules wishing to revoke write permissions to a process > whose clearance has changed. What about drivers that use get_user_pages() - they have a locked kernel mapping to the object but may not yet have accessed the data. Plus the idea of a security indirect call every time we make a page writable does not make me happy when considering performance. Not one iota. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/