how to deny reading of several sysctls (for a set of uids, f.e.)

Max Laier max at love2party.net
Wed Jan 24 13:57:36 UTC 2007


On Wednesday 24 January 2007 14:23, you wrote:
> On Tue, 23 Jan 2007 14:10:19 +0100
>   Max Laier <max at love2party.net> wrote:
>
> [..]
>
> > td->td_proc->p_ucred has the user credentials.  You probably want to
> > do your checks in userland_sysctl() according to the comment just above.
>
> Thanks, it is really what I need.
>
> Now I have once more question.
> I made the kernel object with one check-function and all
> works fine from userland via syscall().
>
> Is there a documented possibility to use syscalls _inside_
> kernel code?
> In other words, I need to call the function located in
> loadable kernel object from kernel, doesn't matter how
> this would be done (syscall, etc).
>
> My goal is to avoid kernel rebuilding each time after
> function modification.
>
> Is it possible?

You should use a function pointer.  Look for example at "ip_dn_io_ptr" in 
netinet.  This is a function pointer that is populated from the dummynet 
module and (if non-NULL) called from the kernel (or ip_fw_pfil.c).  Note 
that you might need some locking around the pointer access if you want to 
be able to load and unload the module at will.  OTOH, sysctl seems to be 
protected by Giant anyways.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
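As an added illustration of the function-pointer approach Max describes (this is not code from the thread or from FreeBSD, and it runs in userspace as a model, not in the kernel): a hook pointer that is NULL until a "module" fills it in, a check routine that denies a constructed set of uids read access to one sysctl subtree, and a caller that reads the pointer once, tests it for NULL, and only then calls through it. The names `sysctl_access_hook_t`, `mod_sysctl_check`, `mod_load`, `mod_unload` and `kernel_sysctl_read` are hypothetical; the `uid` argument stands in for the credential the thread says lives in `td->td_proc->p_ucred`.

```c
/* Added example, not from the thread: a userspace model of a kernel hook
 * pointer populated by a loadable module (in the spirit of ip_dn_io_ptr).
 * All names here are hypothetical. */
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Signature of the check a module provides: 0 = allow, EPERM = deny. */
typedef int (*sysctl_access_hook_t)(uid_t uid, const char *name);

/* "Kernel" side: the hook pointer.  NULL while no module is loaded.
 * Atomic so that load/unload publish a whole pointer, never a torn one. */
static _Atomic(sysctl_access_hook_t) sysctl_access_hook_ptr = NULL;

/* ---- module side (this part would live in the .ko) ---- */
/* Constructed sample policy: these uids may not read anything under "kern.". */
static const uid_t denied_uids[] = { 1001, 1002, 1003 };
static const char *const denied_prefix = "kern.";

static int mod_sysctl_check(uid_t uid, const char *name)
{
    size_t i;

    if (strncmp(name, denied_prefix, strlen(denied_prefix)) != 0)
        return 0;                       /* not a restricted subtree */
    for (i = 0; i < sizeof(denied_uids) / sizeof(denied_uids[0]); i++)
        if (denied_uids[i] == uid)
            return EPERM;               /* uid is on the deny list */
    return 0;
}

/* Module load/unload: publish or withdraw the hook. */
void mod_load(void)   { atomic_store(&sysctl_access_hook_ptr, mod_sysctl_check); }
void mod_unload(void) { atomic_store(&sysctl_access_hook_ptr, NULL); }

/* ---- kernel side: the shape of a check in userland_sysctl() ----
 * `uid` stands in for the uid found in td->td_proc->p_ucred (cr_uid). */
int kernel_sysctl_read(uid_t uid, const char *name, char *out, size_t outlen)
{
    /* Read the pointer exactly once into a local.  Re-reading it for the
     * call could observe NULL (module unloaded) between the test and the
     * call, which is the hazard Max's locking remark is about. */
    sysctl_access_hook_t hook = atomic_load(&sysctl_access_hook_ptr);

    if (hook != NULL) {
        int error = hook(uid, name);
        if (error != 0)
            return error;               /* denied by the module */
    }
    /* Constructed stand-in for handing back the real sysctl value. */
    snprintf(out, outlen, "value-of-%s", name);
    return 0;
}

/* Stand-alone demo: same sysctl, before and after the module is loaded. */
int main(void)
{
    char buf[64];
    int error;

    error = kernel_sysctl_read(1001, "kern.hostname", buf, sizeof buf);
    printf("no module : uid 1001 kern.hostname -> %d (%s)\n", error, buf);
    mod_load();
    error = kernel_sysctl_read(1001, "kern.hostname", buf, sizeof buf);
    printf("module    : uid 1001 kern.hostname -> %d%s\n", error,
           error == EPERM ? " (EPERM)" : "");
    error = kernel_sysctl_read(0, "kern.hostname", buf, sizeof buf);
    printf("module    : uid 0    kern.hostname -> %d (%s)\n", error, buf);
    mod_unload();
    return 0;
}
```

The single `atomic_load` only makes the NULL test and the call agree with each other; it does not stop the module's text from being unloaded while `mod_sysctl_check` is still executing. A real implementation needs the lock or reference count Max mentions around the call (or to rely on the caller already holding Giant, as he notes sysctl does) before it is safe to unload the module at will.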