On Fri, 2005-04-01 at 09:11 -0500, Dmitry Torokhov wrote: > So the question is - should there be a way for the kernel to temporary > switch context to "kernel" before executing some operations? I could > hack firmware loader to always start a new thread, but I wonder if we > have more places that need to temporarily override callers context and > therefore more general solution is needed. At present, the security_task_reparent_to_init LSM hook is used (by the kernel reparent_to_init function, which is also called by its daemonize function) to change the security state of the task, including both the SELinux state and the normal uid/capability state. But that assumes a non-reversible transformation, not a temporary change, with a definite break from any original user context. There used to also be a kmod_set_label hook for the kernel module loader, but that was obsoleted by keventd. Whether or not an interface as you describe is needed is unclear; there is no usage case at present, and temporary changes in credentials are often a source of security flaws. -- Stephen Smalley <sds@xxxxxxxxxxxxx> National Security Agency
