On Tue, 2010-09-14 at 18:28 +0900, KaiGai Kohei wrote:
> <--------------------------------( cut here )-------------------------------->
>
> This patch provides a new /selinux/status entry which allows applications
> read-only mmap(2).
> This region reflects the selinux_kernel_status structure in kernel space.
>
> struct selinux_kernel_status
> {
>     u32 length;        /* length of this structure */
>     u32 sequence;      /* sequence number of seqlock logic */
>     u32 enforcing;     /* current setting of enforcing mode */
>     u32 policyload;    /* times of policy reloaded */
>     u32 deny_unknown;  /* current setting of deny_unknown */
> };
>
> When a userspace object manager caches access control decisions provided
> by SELinux, it needs to invalidate the cache on policy reload and setenforce
> to keep consistency.
> However, the applications need to check the kernel state for each access
> on the userspace avc, or launch a background worker process.
> Heuristically, the frequency of invalidation is much less than the frequency
> of making access control decisions, so it is annoying to invoke a system call
> to check that we don't need to invalidate the userspace cache.
> If we can use a background worker thread, it allows us to receive invalidation
> messages from the kernel. But it requires invasive coding in the
> base application in some cases; e.g., when we provide a feature performing
> with SELinux as a plugin module, it is an unwelcome manner to launch its own
> worker thread from the module.
>
> If we could map /selinux/status to process memory space, the application can
> know about updates of selinux status: policy reload or setenforce.
>
> A typical application checks selinux_kernel_status::sequence when it tries
> to reference the userspace avc. If it has changed since the last time it
> checked the userspace avc, it means something was updated in the kernel space.
> Then, the application can reset the userspace avc or update the current
> enforcing mode, without any system call invocations.
> This sequence number is updated according to the seqlock logic, so we need
> to wait for a while if it is an odd number.
>
> Signed-off-by: KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

Acked-by: Eric Paris <eparis@xxxxxxxxxx>
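The consumer side of the mechanism described in the quoted patch, written as an added example for this thread (it is not KaiGai's patch and not libselinux code): a userspace AVC maps the status page read-only, does the seqlock-style read (retry while `sequence` is odd or changed under it), and on each lookup compares `sequence` against the last value it saw so the common case costs one memory load and no system call. The struct layout is the one from the patch; `struct uavc`, the `UAVC_EVENT_*` bitmask, the retry limit and the fallback to `/sys/fs/selinux/status` (where later kernels mount selinuxfs) are this example's own assumptions, and the `main()` is only there so it can be run on a real system.

```c
/* Added example: userspace reader of the mmap'ed SELinux status page.
 * Layout follows the patch; uavc/event names are this example's own. */
#include <fcntl.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Read-only page exported by the kernel, as laid out in the patch. */
struct selinux_kernel_status {
    uint32_t length;        /* length of this structure */
    uint32_t sequence;      /* seqlock sequence: odd while the kernel is writing */
    uint32_t enforcing;     /* current enforcing mode */
    uint32_t policyload;    /* number of policy reloads so far */
    uint32_t deny_unknown;  /* current deny_unknown setting */
};

/* Consistent copy of the fields a userspace AVC cares about. */
struct status_snapshot {
    uint32_t sequence, enforcing, policyload, deny_unknown;
};

/* Hypothetical userspace AVC; a real one would also hold the decision cache. */
struct uavc {
    struct status_snapshot state;   /* values seen at the last consistent read */
    unsigned long cache_resets;     /* stands in for actually flushing the cache */
};

enum {
    UAVC_EVENT_POLICYLOAD   = 1,    /* policy reloaded: cache was reset */
    UAVC_EVENT_SETENFORCE   = 2,    /* enforcing mode changed */
    UAVC_EVENT_DENY_UNKNOWN = 4,    /* deny_unknown setting changed */
};
#define UAVC_MAX_RETRIES 1000       /* bound so a stuck page cannot hang the caller */

/* One seqlock-style read attempt: 0 and *out filled when consistent, -1 when
 * the kernel was mid-update (odd sequence) or bumped it while we copied. */
static int status_try_read(const volatile struct selinux_kernel_status *st,
                           struct status_snapshot *out)
{
    uint32_t seq = st->sequence;
    if (seq & 1)
        return -1;                  /* writer in progress: payload not trustworthy */
    __sync_synchronize();           /* order: sequence before payload */
    out->enforcing    = st->enforcing;
    out->policyload   = st->policyload;
    out->deny_unknown = st->deny_unknown;
    __sync_synchronize();           /* order: payload before the re-check */
    if (st->sequence != seq)
        return -1;                  /* torn read: writer ran in the middle */
    out->sequence = seq;
    return 0;
}

/* Retry until a consistent snapshot is obtained, or give up after the bound. */
static int status_read(const volatile struct selinux_kernel_status *st,
                       struct status_snapshot *out)
{
    for (int tries = 0; tries < UAVC_MAX_RETRIES; tries++) {
        if (status_try_read(st, out) == 0)
            return 0;
        sched_yield();              /* let the writer finish its update */
    }
    return -1;
}

/* Seed the AVC from the page; reject a page shorter than the layout we expect. */
static int uavc_init(struct uavc *avc, const volatile struct selinux_kernel_status *st)
{
    avc->cache_resets = 0;
    if (st->length < sizeof(*st))
        return -1;
    return status_read(st, &avc->state);
}

/* Run before each cache lookup. Fast path: one load, no syscall. Returns the
 * UAVC_EVENT_* bits that fired, 0 if nothing changed, -1 if no consistent
 * read was possible (caller should revalidate through a syscall instead). */
static int uavc_check(struct uavc *avc, const volatile struct selinux_kernel_status *st)
{
    if (st->sequence == avc->state.sequence)
        return 0;
    struct status_snapshot now;
    if (status_read(st, &now) != 0)
        return -1;
    int events = 0;
    if (now.policyload != avc->state.policyload) {
        avc->cache_resets++;        /* a real AVC drops every cached decision here */
        events |= UAVC_EVENT_POLICYLOAD;
    }
    if (now.enforcing != avc->state.enforcing)
        events |= UAVC_EVENT_SETENFORCE;
    if (now.deny_unknown != avc->state.deny_unknown)
        events |= UAVC_EVENT_DENY_UNKNOWN;
    avc->state = now;
    return events;
}

int main(void)
{
    int fd = open("/selinux/status", O_RDONLY);            /* path from the patch */
    if (fd < 0)
        fd = open("/sys/fs/selinux/status", O_RDONLY);     /* newer selinuxfs mount point */
    if (fd < 0) { perror("open status"); return 1; }
    void *map = mmap(NULL, sizeof(struct selinux_kernel_status), PROT_READ, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED) { perror("mmap"); return 1; }
    struct uavc avc;
    if (uavc_init(&avc, map) != 0) { fprintf(stderr, "no consistent status read\n"); return 1; }
    printf("enforcing=%u policyload=%u deny_unknown=%u\n",
           avc.state.enforcing, avc.state.policyload, avc.state.deny_unknown);
    printf("events since init: %d\n", uavc_check(&avc, map));
    munmap(map, sizeof(struct selinux_kernel_status));
    close(fd);
    return 0;
}
```

The two barriers around the payload copy are what make the even/odd protocol sound on the reader side; without them the compiler or CPU may reorder the field loads past the sequence checks and a policy reload could be missed. The bounded retry returning -1 is a deliberate choice: a page that never becomes consistent should make the object manager fall back to a system call rather than spin forever or silently keep stale decisions.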