next up previous contents
Next: Overload Up: Algorithms Previous: fork system call   Contents

exec system call

There will be two new fields in the task_struct : lids_perm_s *perm and lids_caps_s *caps.

Each time the execve system call is invoked,

  1. we check that parent16.1 have the permission to read and execute the program.
  2. child inherit of parent->caps chained list. (Duplicated if forked)
  3. child inherit of parent->lfs_master
  4. parent->lfs_master->lfs is updated with the inherited overloaded capabilites of child

  5. we search for rules in the configuration about this program, or a parent directory
    1. we search for the lids_prog_s structure of the program
    2. if none are found, we search the one of its parent directory, and so on until one is found.
    If no lids_prog_s is found, task_struct.perm will be NULL and the caps/masks will be taken empty. Else, task_struct.perm will point on lids_prog_s.perm and caps/masks will be taken in the lids_caps_s whose uid field is -1 or equal to parent->uid. If both are found, the second will be chosen. If none are found, we'll take empty sets.
  6. Now for each element of the child->caps chained list, we do
    elt->caps = found_caps | (elt->caps & elt->mask)
    elt->mask |= found_mask
    
    This is the inheritance rule for capabilities.

This suppose that the very first process is born with its caps field pointing to a lids_caps_s whose caps/mask are empty and whose tag field is -1. Its perm field should point to a rule that allow it to read and execute what will be the init process. So that it will allow it to read and execute everything.


next up previous contents
Next: Overload Up: Algorithms Previous: fork system call   Contents
Biondi Philippe 2000-12-15