Re: how to deny reading of several sysctls (for a set of uids, f.e.)
- From: Max Laier <max@xxxxxxxxxxxxxx>
- Date: Wed, 24 Jan 2007 14:56:29 +0100
On Wednesday 24 January 2007 14:23, you wrote:
> On Tue, 23 Jan 2007 14:10:19 +0100
> Max Laier <max@xxxxxxxxxxxxxx> wrote:
> [..]
> > td->td_proc->p_ucred has the user credentials. You
> > probably want to do your checks in userland_sysctl()
> > according to the comment just above.
>
> Thanks, it is really what I need.
> Now I have one more question.
> I made the kernel object with one check-function and all
> works fine from userland via syscall().
> Is there a documented possibility to use syscalls _inside_
> kernel code?
> In other words, I need to call the function located in
> loadable kernel object from kernel, doesn't matter how
> this would be done (syscall, etc).
> My goal is to avoid kernel rebuilding each time after
> function modification.
> Is it possible?

You should use a function pointer. Look for example at "ip_dn_io_ptr" in
netinet. This is a function pointer that is populated from the dummynet
module and (if non-NULL) called from the kernel (or ip_fw_pfil.c). Note
that you might need some locking around the pointer access if you want to
be able to load and unload the module at will. OTOH, sysctl seems to be
protected by Giant anyways.
--
/"\ Best regards, | mlaier@xxxxxxxxxxx
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
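
The pattern described in the reply above, as an added example that is not part of the original message and is not FreeBSD code: a userland C model of a hook pointer that a loadable module populates and the core calls only when it is non-NULL, with unload waiting for in-flight callers. All names (`sysctl_check_ptr`, `model_userland_sysctl`, `mod_load`, `mod_unload`), the atomic caller count standing in for kernel locking, and the uid/OID policy are assumptions made for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical hook type and names; userland model, not FreeBSD kernel code. */
typedef int (*sysctl_check_t)(uid_t uid, const int *name, unsigned namelen);

static _Atomic(sysctl_check_t) sysctl_check_ptr = NULL; /* NULL = module not loaded */
static atomic_int hook_users = 0;                       /* callers inside the hook */

/* Core side: models a credential check placed in userland_sysctl(). */
int model_userland_sysctl(uid_t uid, const int *name, unsigned namelen)
{
    int error = 0;

    atomic_fetch_add(&hook_users, 1);       /* announce before reading the pointer */
    sysctl_check_t fn = atomic_load(&sysctl_check_ptr);
    if (fn != NULL)                         /* no module loaded: request is allowed */
        error = fn(uid, name, namelen);
    atomic_fetch_sub(&hook_users, 1);
    return error;                           /* 0 or EPERM */
}

/* Module side: constructed policy, deny uids 1001 and 1002 below top-level OID 1. */
static const uid_t denied_uids[] = { 1001, 1002 };

static int mod_check(uid_t uid, const int *name, unsigned namelen)
{
    if (namelen == 0 || name[0] != 1)
        return 0;                           /* OID outside the protected subtree */
    for (size_t i = 0; i < sizeof(denied_uids) / sizeof(denied_uids[0]); i++)
        if (denied_uids[i] == uid)
            return EPERM;
    return 0;
}

/* Module load: publish the check function through the hook pointer. */
void mod_load(void) { atomic_store(&sysctl_check_ptr, mod_check); }

/* Module unload: clear the pointer first, then wait for callers to leave. */
void mod_unload(void)
{
    atomic_store(&sysctl_check_ptr, NULL);  /* new callers now see NULL */
    while (atomic_load(&hook_users) != 0)   /* drain callers already inside */
        ;                                   /* only after this may the code go away */
}
```

With no module loaded the hook is NULL and every request is allowed, so this design fails open; a restriction that must always hold needs a default check built into the core.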