Discussion:
[tomoyo-users-en 504] Re-Re about-syscalls
florian.lissandres
2012-07-27 15:44:51 UTC
Thank you again!!!

I have another (last?) problem. I'm looking for the function which protects
the "file execute" and "file getattr" authorization.

All other authorizations like "create", "mkdir", "mkfifo", "mksock",
"ioctl", "chmod", "chown", "chgrp"... are clearly protected by a function
(tomoyo_path_number_perm for those authorizations) related to one or
several LSM hooks.

Could you help me?

Florian
Tetsuo Handa
2012-07-28 10:55:48 UTC
Post by florian.lissandres
> I have another (last?) problem. I'm looking for the function which protects
> the "file execute" and "file getattr" authorization.

"file execute" is the permission for execve(), and the LSM hook for this permission is
tomoyo_bprm_check_security() in security/tomoyo/tomoyo.c.

"file getattr" is the permission for stat(), and the LSM hook for this permission is
tomoyo_inode_getattr() in the same file.

Post by florian.lissandres
> All other authorizations like "create", "mkdir", "mkfifo", "mksock",
> "ioctl", "chmod", "chown", "chgrp"... are clearly protected by a function
> (tomoyo_path_number_perm for those authorizations) related to one or
> several LSM hooks.

Depending on whether pathname and/or numeric arguments are passed or not,
several functions are defined.

tomoyo_path_perm() is for one pathname,
tomoyo_path2_perm() is for two pathnames,
tomoyo_path_number_perm() is for one pathname and one number etc.

(But in CaitSith, this distinction was removed because some users may not
want to check all of these mandatory arguments.)

Regards.
