tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

> [...], and then have the kernel signal [init]

> Internal communication can e.g. be done via a named pipe:
> prw-------   1 root     root           0 Feb 14 16:51 /etc/initpipe

I'd much rather not.  If it's a named pipe, it's accessible to
userland.  I'd rather see the kernel create an ordinary, unnamed, pipe
and give one end of it to init as fd 0 on startup or some such, then
stash the other end somewhere internal as a trusted channel to init.
If we're willing to assume AF_LOCAL sockets are available we could make
it an AF_LOCAL socketpair and use it bidirectionally.

Of course, this assumes that we decide we want to put those smarts in
the kernel in the first place; I'm not convinced that's a good design.
(I'm not convinced it's a bad design, either, but I'm trying to make
sure I don't slide into either stance unjustifiedly.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML     
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index