Re: /sbin/reboot and secmodel
> [...], and then have the kernel signal [init]
> Internal communication can e.g. be done via a named pipe:
> prw------- 1 root root 0 Feb 14 16:51 /etc/initpipe
I'd much rather not. If it's a named pipe, it's accessible to
userland. I'd rather see the kernel create an ordinary, unnamed, pipe
and give one end of it to init as fd 0 on startup or some such, then
stash the other end somewhere internal as a trusted channel to init.
If we're willing to assume AF_LOCAL sockets are available we could make
it an AF_LOCAL socketpair and use it bidirectionally.
Of course, this assumes that we decide we want to put those smarts in
the kernel in the first place; I'm not convinced that's a good design.
(I'm not convinced it's a bad design, either, but I'm trying to make
sure I don't slide into either stance unjustifiedly.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents.montreal.qc.ca@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
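A userland sketch of the channel proposed in the message above, added here as an example and not part of the original post or of any kernel code. The parent process stands in for the kernel and the child for init; `fake_init`, `channel_has_path` and `trusted_channel_roundtrip` are hypothetical names, and the `reboot`/`ack` messages are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the socket is bound to a filesystem path, 0 if unnamed, -1 on error. */
int channel_has_path(int fd) {
    struct sockaddr_un sa;
    socklen_t len = sizeof sa;
    memset(&sa, 0, sizeof sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return len > offsetof(struct sockaddr_un, sun_path) && sa.sun_path[0] != '\0';
}

/* Hypothetical stand-in for init: its only channel is whatever arrived as fd 0. */
static void fake_init(void) {
    char req[16];
    ssize_t n = read(0, req, sizeof req);
    int ok = (n == 6 && memcmp(req, "reboot", 6) == 0);
    if (write(0, ok ? "ack" : "nak", 3) != 3) _exit(1);
    _exit(0);
}

/* Hypothetical stand-in for the kernel side. Returns 0 on a clean round trip. */
int trusted_channel_roundtrip(void) {
    int sv[2], status = 0;
    char reply[4] = {0};
    if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = channel_has_path(sv[0]) == 0 ? fork() : -1;
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);                   /* init never holds the far end */
        if (sv[1] != 0) {               /* hand the near end over as fd 0 */
            if (dup2(sv[1], 0) < 0) _exit(1);
            close(sv[1]);
        }
        fake_init();
    }
    close(sv[1]);                       /* "kernel" keeps only its own end */
    int sent = write(sv[0], "reboot", 6) == 6;
    int got = sent && read(sv[0], reply, 3) == 3;   /* bidirectional use */
    close(sv[0]);
    waitpid(pid, &status, 0);
    return (got && memcmp(reply, "ack", 3) == 0 && WIFEXITED(status)
            && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) { return trusted_channel_roundtrip() == 0 ? 0 : 1; }
```

Unlike the `/etc/initpipe` FIFO, the socketpair has no filesystem name, so only a process that inherits or is passed one of its descriptors can reach it.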