No subject


Sat Apr 5 03:57:03 MDT 2008


of Fd designation may be described. If we add an integer value to these, we
would end up with the following structure that could optionally
(CONF_DESIGNATION) be added to the task structure:

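struct fd_designation {
   int designation_type;   /* 0..3, see the values defined below */
   int fd1;                /* meaning depends on designation_type */
   int fd2;                /* meaning depends on designation_type */
   fd_set *fset;
   struct semaphore sem;   /* serializes designation between threads */
};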

We shall define the following values for designation_type:

  0 : no designation (or fdset only).
  1 : fd1=file Fd
  2 : fd2=dir Fd
  3 : fd1=old dirfd, fd2=newdirfd

The semaphore should make sure that multiple threads of the same task
would not mess up the designation of active thread system calls from this
task.

Now we could define two functions, that would optionally
(CONF_DESIGNATION) be used in all of the system calls defined above:

  void fd_designate_setup(int des_type,int f1,int f2,fd_set *fset);
  void fd_designate_clear(int des_type,int f1,int f2,fd_set *fset);

This way, during the defined 21 system calls, the fd_designation structure
within the task structure would be set to the proper values, that could
then where appropriate, and any LSM needing this information should be able
to acquire it, without any added hooks for the LSM framework.
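
A userspace model of the proposal above, added here as an illustration and not code from the post or from any kernel tree: a system call sets the designation, an LSM-style check reads it from task state, and the call clears it again. Assumptions: a pthread mutex stands in for struct semaphore and is held from setup to clear, and the names cur, model_lsm_check, model_call and current_designation_type are hypothetical.

```c
#include <pthread.h>
#include <stddef.h>
#include <sys/select.h>

struct fd_designation {
    int designation_type;   /* 0..3, values as defined in the post */
    int fd1, fd2;
    fd_set *fset;
    pthread_mutex_t sem;    /* userspace stand-in for struct semaphore */
};

/* Stand-in for the copy that would live in the task structure. */
static struct fd_designation cur = { 0, -1, -1, NULL, PTHREAD_MUTEX_INITIALIZER };

void fd_designate_setup(int des_type, int f1, int f2, fd_set *fset)
{
    pthread_mutex_lock(&cur.sem);   /* assumption: held until clear */
    cur.designation_type = des_type;
    cur.fd1 = f1;
    cur.fd2 = f2;
    cur.fset = fset;
}

void fd_designate_clear(int des_type, int f1, int f2, fd_set *fset)
{
    (void)des_type; (void)f1; (void)f2; (void)fset;  /* signature from the post */
    cur.designation_type = 0;
    cur.fd1 = cur.fd2 = -1;
    cur.fset = NULL;
    pthread_mutex_unlock(&cur.sem);
}

/* Hypothetical LSM check: no extra hook arguments, it reads the task state.
 * Returns -1 (deny) if a designated fd equals restricted_fd, else 0. */
static int model_lsm_check(int restricted_fd)
{
    int t = cur.designation_type;
    if ((t == 1 || t == 3) && cur.fd1 == restricted_fd) return -1;
    if ((t == 2 || t == 3) && cur.fd2 == restricted_fd) return -1;
    return 0;
}

/* Model of one of the designated system calls. */
int model_call(int des_type, int f1, int f2, int restricted_fd)
{
    fd_designate_setup(des_type, f1, f2, NULL);
    int rc = model_lsm_check(restricted_fd);
    fd_designate_clear(des_type, f1, f2, NULL);
    return rc;
}

int current_designation_type(void) { return cur.designation_type; }
```

Because the check only consults the fields that designation_type marks as meaningful, a stale value in the other field cannot influence the decision.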









More information about the Apparmor-dev mailing list