[tomoyo-users-en 500] About syscalls
florian.lissandres
2012-07-19 14:23:10 UTC
Hello.
I am studying Tomoyo Linux 2.5 and I would like to have some
information about what is caught and what is not.
I have compared the syscalls made while executing vim, as seen by strace,
with what is caught by Tomoyo-queryd.

And I would like to have confirmation that Tomoyo checks whether a file
exists before reading through its policy?

Because, for example, with vim:

Tomoyo-queryd catches: file read /usr/share/vim/vim73/lang/fr/LC_MESSAGE/vim.mo

But strace catches, just before:
open("/usr/share/vim/vim73/lang/fr_FR/LC_MESSAGE/vim.mo",O_RDONLY) =
-1 ENOENT (no such file or directory)

And so, Tomoyo has not caught the attempt to open (caught by strace).

Thank you in advance and sorry for my English.
Tetsuo Handa
2012-07-19 21:38:28 UTC
Hello.
Post by florian.lissandres
And I would like to have confirmation that Tomoyo checks whether a file
exists before reading through its policy?
LSM modules do not receive queries from LSM hooks if the file to be opened
does not exist.
Post by florian.lissandres
Tomoyo-queryd catches: file read /usr/share/vim/vim73/lang/fr/LC_MESSAGE/vim.mo
open("/usr/share/vim/vim73/lang/fr_FR/LC_MESSAGE/vim.mo",O_RDONLY) =
-1 ENOENT (no such file or directory)
The pathname which is in the form of "char *" passed from user space is
converted to a "struct vfsmount"/"struct dentry" pair in the kernel.

LSM modules receive the "struct vfsmount"/"struct dentry" pair and
TOMOYO recalculates "char *" from the "struct vfsmount"/"struct dentry" pair
and checks the permission of the recalculated "char *".

If the pathname does not exist (and the pathname is not about to be created),
conversion to the "struct vfsmount"/"struct dentry" fails with ENOENT error.
Therefore,
Post by florian.lissandres
And so, Tomoyo has not caught the attempt to open (caught by strace).
TOMOYO will not catch the attempt to open (caught by strace).

Regards.
