[OpenAFS-devel] OpenAFS Development
Jack Neely
jjneely@pams.ncsu.edu
Sun, 27 Jun 2004 22:28:23 -0400
> If you can read osi_module I'd expect you to understand any code in no
> time... Anyway, the assumption is that all entries in the table are within
> the kernel space between some symbol and where we're at right now. If we
> find "enough" consecutive such pointers (looks_good()), it might be the
> table. Verify by checking that some duplicates (not implemented) are
> there.
>
> This breaks if the table has already been patched, afs_syscall will be
> outside the assumed range. I liked using kallsyms_is_equal() in looks_good
> better, but we cut that when fedora un-exported kallsyms.
>
> Clearer now?
>
Indeed. Wasn't quite sure what your code was assuming about the kernel.
I've ported your code into osi_module.c. It seems to work. I didn't
port over the verify function...I'll have to do that.
Patch against today's CVS of openafs attached.
> Btw, there's new code in arla HEAD now.
:-D
>
> > The two hooks task_alloc_security and task_free_security are perfect.
> >
> I didn't implement the task_reparent_to_init (daemonize) hook. What are the
> expected semantics, just keep the pag?
>
I believe as long as the same process keeps the same pag that is the
proper behavior.
> Would it be possible to convince them to allow several LSMs to register,
> chained? Get a handler for managing the 'security' task field for all
> LSMs, call them in the order they registered, if one says 'no' the answer
> is 'no'. Or does this clash with the ideas behind the LSM system?
>
I'd like to figure this one out too. You'd think, but I'm not sure about
the ideas behind the workings of the LSM.
> > Fedora Core 2 comes with SELinux and Capabilities built directly into
> > the kernel.
> >
> Well, selinux can be disabled with a boot flag, but AFAIK capabilities
> only understands its 'disable' flag when loaded as a module. The syscall
> hack will live a while longer. Unfortunately.
>
Indeed.
Jack
> /Tomas
--
Jack Neely <slack@quackmaster.net>
Realm Linux Administration and Development
PAMS Computer Operations at NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4 EA6B 213B 765F 3B6A 5B89
--xXmbgvnjoT4axfJE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="syscalls.patch"
? make-out
? out
? redhat-out
? shit
? syscalls.patch
? src/afs/LINUX/.osi_module.c.swp
Index: src/afs/LINUX/osi_module.c
===================================================================
RCS file: /cvs/openafs/src/afs/LINUX/osi_module.c,v
retrieving revision 1.52
diff -u -r1.52 osi_module.c
--- src/afs/LINUX/osi_module.c 21 Jun 2004 21:46:17 -0000 1.52
+++ src/afs/LINUX/osi_module.c 28 Jun 2004 02:20:01 -0000
@@ -34,7 +34,7 @@
#include <linux/sched.h>
#endif
#if !defined(EXPORTED_SYS_CALL_TABLE) && defined(HAVE_KERNEL_LINUX_SYSCALL_H)
-#include <linux/syscall.h>
+#include <linux/syscalls.h>
#endif
#ifdef AFS_SPARC64_LINUX24_ENV
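Review bot: The include on the "+" line now names <linux/syscalls.h>, but the guard two lines above it still tests HAVE_KERNEL_LINUX_SYSCALL_H, so the condition and the header it protects no longer match by name. If the configure check behind that macro probes for linux/syscall.h, a kernel that ships only one of the two headers will either skip this include or fail on it. Consider making the check and the macro name follow the header that is included, or choosing between the two headers under separate guards.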
@@ -348,8 +348,25 @@
sys_call_table = ptr - __NR_exit;
break;
}
-#else /* EXPORTED_SYS_OPEN */
- break;
+#elif defined(AFS_LINUX26_ENV) /* EXPORTED_SYS_OPEN */
+ void *lower_bound = (void *)((unsigned long)&kernel_thread & ~0xfffff);
+ int ok = 1;
+ int i;
+
+ for (i=0; i<222; i++) {
+ if (*(ptr+i) <= (void*)lower_bound || *(ptr+i) >= (void*)ptr) {
+ ok = 0;
+ ptr += i;
+ break;
+ }
+ }
+
+ if (ok) {
+ sys_call_table = ptr;
+ break;
+ }
+#else
+ break;
#endif /* EXPORTED_KALLSYMS_ADDRESS */
}
#ifdef EXPORTED_KALLSYMS_ADDRESS
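Review bot: The loop bound in "for (i=0; i<222; i++)" is an unexplained magic number, and the candidate is accepted on the range test alone, since "sys_call_table = ptr;" follows directly under "if (ok)". A named constant with a comment on why that count is enough would help, and the verify step mentioned in the thread (the duplicate-entry check) should run before the assignment, because any 222 consecutive words that fall between lower_bound and ptr are taken as the table. Two smaller points: lower_bound is already declared "void *", so the "(void*)lower_bound" cast is redundant, and nothing visible in this hunk keeps ptr+i inside the end of the scanned range for the last candidates.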
--xXmbgvnjoT4axfJE--
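The range heuristic described in the quoted text, and its failure on an already patched table, as an added example that is not part of the original message, the attached patch, or the OpenAFS or arla sources. It is a user-space simulation over a constructed array: every address, the 8-entry run length, and the helpers has_duplicates, find_table and scan are assumptions, and has_duplicates is only one possible form of the verify step the thread says was not implemented.

```c
#include <stdint.h>
#include <stdio.h>

/* All addresses are constructed; the region is simulated, not kernel memory. */
#define KTHREAD 0xc0101234u /* stand-in for &kernel_thread */
#define REGION  0xc0300000u /* simulated address of mem[0] */
#define RUN     8           /* entries required (the patch uses 222) */
#define WORDS   32

/* Range test from the thread: each entry above lower, below the table itself. */
static int looks_good(const uintptr_t *mem, size_t at, uintptr_t lower) {
    uintptr_t self = REGION + at * sizeof(uintptr_t); /* address of the candidate */
    for (size_t i = 0; i < RUN; i++)
        if (mem[at + i] <= lower || mem[at + i] >= self)
            return 0;
    return 1;
}

/* Assumed form of the unported verify step: some handler appears twice. */
static int has_duplicates(const uintptr_t *mem, size_t at) {
    for (size_t i = 0; i < RUN; i++)
        for (size_t j = i + 1; j < RUN; j++)
            if (mem[at + i] == mem[at + j])
                return 1;
    return 0;
}

/* Index of the first window passing both checks, or -1. */
static long find_table(const uintptr_t *mem, size_t n, uintptr_t lower) {
    for (size_t at = 0; at + RUN <= n; at++) /* never read past the region */
        if (looks_good(mem, at, lower) && has_duplicates(mem, at))
            return (long)at;
    return -1;
}

/* Noise everywhere, a table at index 16, optionally one replaced entry. */
static long scan(int patched) {
    uintptr_t mem[WORDS];
    for (size_t k = 0; k < WORDS; k++) mem[k] = 0x1000 + k;
    for (size_t k = 0; k < RUN; k++) mem[16 + k] = 0xc0102000u + 0x100 * (k % 5);
    if (patched) mem[19] = 0xd0800000u; /* handler living above the table */
    return find_table(mem, WORDS, KTHREAD & ~(uintptr_t)0xfffff);
}

int main(void) {
    printf("clean=%ld patched=%ld\n", scan(0), scan(1));
    return 0;
}
```

With one entry pointing outside the assumed range the scan finds nothing, which is the breakage the quoted text predicts for a table that has already been patched.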