服务器评测
LSM(Linux Secure Model)一种轻量级访问控制机制.
其实现方式有如在系统调用中加入一个后门….
方式如下:
static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
struct file *f,
int (*open)(struct inode *, struct file *),
const struct cred *cred)
{
struct inode *inode;
int error;
………………………………………………………
error = security_dentry_open(f, cred); //LSM机制实现方式,在此加入了一个LSM函数.
//security_dentry_open的实现如下,相当于一个接口,对一个函数指针再
//封装一下.
//只返回是与否,这样的控制信息.
if (error)
goto cleanup_all;
……………………………………………………….
return f;
cleanup_all:
………………………………………………………..
return ERR_PTR(error);
}
//========简单封装一个指针结构体===========================
int security_dentry_open(struct file *file, const struct cred *cred)
{
int ret;
ret = security_ops->dentry_open(file, cred);
if (ret)
return ret;
return fsnotify_perm(file, MAY_OPEN);
}
