tech-kern archive


Re: /sbin/reboot and secmodel

On Mon, 17 Mar 2008 13:38:39 +0200
Elad Efrat <> wrote:

> That one's a bit tricky. The reboot program tries to "gracefully"
> reboot the system by doing some things it believes it's doing as
> root. Since at the moment the KAUTH_SYSTEM_REBOOT action applies only
> to the very reboot(2) syscall, it "breaks" somewhere in the middle
> when trying to stop init (and later on signal all other processes).
> While it may be possible to solve it with a lot of special casing, I
> wonder if we shouldn't just move a lot of that logic to the kernel,
> and add a RB_GRACEFUL to reboot(2), telling it "do all the things you
> used to do in userland".
> Is anyone seeing possible problems taking this route? Any other ideas
> on how to address this?

What occurs to me is to use secmodel to restrict or grant access to the
user-level program that does the shutdown -- that would avoid moving
too much goo to the kernel.

                --Steve Bellovin,
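The point in dispute is one of authorization granularity: the userland reboot program crosses several kauth(9) decision points before it ever reaches reboot(2), so a secmodel that grants only KAUTH_SYSTEM_REBOOT leaves the earlier steps denied. The dry-run model below is an added example written for this page, not NetBSD's /sbin/reboot or kernel code, and it never issues a real kill(2) or reboot(2). It assumes the step order the quoted message describes (stop init, signal every other process, then reboot), uses the signal choices SIGTSTP and SIGTERM as an assumption, and uses KAUTH_SYSTEM_REBOOT (from the message) and KAUTH_PROCESS_SIGNAL (the kauth(9) action a kill(2) is checked against) purely as labels.

```c
/* Added example (not from the thread or from NetBSD sources): a model of the
 * authorization points a userland "graceful" reboot crosses, and of which
 * ones a secmodel must grant for the program to get through.  Nothing here
 * touches real processes.  Signal choices are an assumption.
 */
#include <stddef.h>
#include <stdio.h>

/* Modelled kauth actions; names mirror kauth(9) but are local labels here. */
enum action { KAUTH_PROCESS_SIGNAL_M, KAUTH_SYSTEM_REBOOT_M, ACTION_COUNT };

struct step {
    const char *what;    /* the syscall the reboot program would issue */
    enum action action;  /* the kauth action that syscall is checked against */
};

/* The userland sequence as described in the quoted message (assumed
 * signals).  Each kill(2) is its own authorization request. */
static const struct step userland_steps[] = {
    { "kill(1, SIGTSTP)   -- stop init",               KAUTH_PROCESS_SIGNAL_M },
    { "kill(-1, SIGTERM)  -- signal all other processes", KAUTH_PROCESS_SIGNAL_M },
    { "reboot(2)          -- the reboot itself",        KAUTH_SYSTEM_REBOOT_M },
};
#define N_USERLAND (sizeof userland_steps / sizeof userland_steps[0])

/* The alternative raised in the message: an RB_GRACEFUL flag that does the
 * same work in-kernel, so the requester is checked once, at reboot(2). */
static const struct step kernel_steps[] = {
    { "reboot(RB_GRACEFUL) -- kernel stops init, signals, reboots",
      KAUTH_SYSTEM_REBOOT_M },
};
#define N_KERNEL (sizeof kernel_steps / sizeof kernel_steps[0])

/* 'grants' is a bitmask: bit a set means the secmodel listener allows
 * action a for this (non-root) requester. */
static int listener_allows(unsigned grants, enum action a)
{
    return (grants >> a) & 1u;
}

/* Walk a plan in order, as the program would.  Returns the index of the
 * first step the listener denies, or -1 if every step is allowed. */
static int first_denied(const struct step *plan, size_t n, unsigned grants)
{
    for (size_t i = 0; i < n; i++)
        if (!listener_allows(grants, plan[i].action))
            return (int)i;
    return -1;
}

int first_denied_userland(unsigned grants)
{
    return first_denied(userland_steps, N_USERLAND, grants);
}

int first_denied_kernel(unsigned grants)
{
    return first_denied(kernel_steps, N_KERNEL, grants);
}

/* Grant sets for the two designs discussed in the thread. */
#define GRANT_REBOOT_ONLY    (1u << KAUTH_SYSTEM_REBOOT_M)
#define GRANT_REBOOT_PROGRAM (GRANT_REBOOT_ONLY | (1u << KAUTH_PROCESS_SIGNAL_M))

static void report(const char *label, const struct step *plan, size_t n,
                   unsigned grants)
{
    int d = first_denied(plan, n, grants);
    if (d < 0)
        printf("%s: all %zu step(s) allowed\n", label, n);
    else
        printf("%s: denied at step %d (%s)\n", label, d, plan[d].what);
}

int main(void)
{
    /* Only reboot(2) is covered: the userland path breaks at "stop init". */
    report("userland, KAUTH_SYSTEM_REBOOT only",
           userland_steps, N_USERLAND, GRANT_REBOOT_ONLY);
    /* Grant the program's signal steps too (the secmodel route). */
    report("userland, reboot program granted",
           userland_steps, N_USERLAND, GRANT_REBOOT_PROGRAM);
    /* Move the logic in-kernel: one check suffices (the RB_GRACEFUL route). */
    report("kernel RB_GRACEFUL, KAUTH_SYSTEM_REBOOT only",
           kernel_steps, N_KERNEL, GRANT_REBOOT_ONLY);
    return 0;
}
```

The model makes the trade-off visible: the secmodel route keeps the logic in userland but requires the listener to recognise the reboot program and grant its signal requests, while the RB_GRACEFUL route collapses the whole sequence to a single KAUTH_SYSTEM_REBOOT decision at the cost of moving the shutdown logic into the kernel.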
