To: jmorris@namei.org
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
       chrisw@sous-sol.org
Subject: Re: [TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux.
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
References: <4701F285.5000206@nttdata.co.jp>
	<4701F5CC.7040209@nttdata.co.jp>
	<Xine.LNX.4.64.0710020546260.21841@us.intercode.com.au>
In-Reply-To: <Xine.LNX.4.64.0710020546260.21841@us.intercode.com.au>
Message-Id: <200710022233.ICD81749.LJFFHOtOSVOFQM@I-love.SAKURA.ne.jp>
Date: Tue, 2 Oct 2007 22:33:40 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1221
Lines: 30

Hello.

James Morris wrote:
> Why do you need racy unlocked versions, in addition to the existing 
> security_task_kill() hook which is called safely via 
> check_kill_permission() ?

TOMOYO Linux provides "delayed enforcing mode" which allows administrator
judge interactively for requests that violated policy.

Sometimes, especially after updating software packages, irregular behavior arise.
So, the administrator prepares for such irregular behavior
by invoking "ccs-queryd" userland program.
The "ccs-queryd" prints the contents of policy violation and
asks the administrator whether to grant the request that violated policy.
This can reduce the possibility of "restarting process failed due to permission denied".

Thus, security_task_kill() which is called with tasklist_lock held
is not what TOMOYO Linux wants.

I know this approach is racy, but TOMOYO Linux wants these unlocked versions
to avoid failure due to permission denial caused by MAC's policy.

Regards.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/