The inode allocation routine of the disk-based file system does the allocation and initialization of the inode
object; thus, object reuse is handled by the disk-based file system.

5.3.2.2 FIFO open

A call to the open() VFS system call performs the same operation as it does for device special files.
The regular DAC checks performed when the FIFO inode is read are identical to the access checks performed for other file system
objects, such as files and directories. If the process is allowed to access the FIFO inode, the kernel proceeds
by invoking init_special_inode(), because a FIFO on disk appears as a special file. The
init_special_inode() system call sets the file operation vector i_fop of the inode to
def_fifo_fops. The only valid function in def_fifo_fops is the fifo_open() function.
fifo_open() appropriately calls the pipe_read() or pipe_write() functions, depending on the
access type. Access control is performed by the disk-based file system.
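The following user-space program is an added example (not part of the original document) that exercises the path described above from the outside: it creates a FIFO on disk with a given mode, confirms that the file system reports it as a special file of type FIFO (the property on which init_special_inode() is dispatched), and then opens it through the fifo_open() path. The helper names, the constructed path under /tmp and the mode bits are the example's own assumptions; the ENXIO result for a non-blocking writer with no reader is standard Linux FIFO behaviour rather than something the text states.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a FIFO at `path` with permission bits `mode`.
 * Returns 1 if the on-disk object is a FIFO special file, 0 if it is some
 * other object type, -1 on error. */
int fifo_create_and_check(const char *path, mode_t mode) {
    struct stat st;
    unlink(path);                       /* start from a clean slate */
    if (mkfifo(path, mode) < 0) return -1;
    if (stat(path, &st) < 0) return -1;
    return S_ISFIFO(st.st_mode) ? 1 : 0;
}

/* A non-blocking reader is admitted by fifo_open() immediately, even with
 * no writer present. Returns 1 if the open succeeded, 0 otherwise. */
int fifo_open_nonblock_reader_ok(const char *path) {
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* A non-blocking writer with no reader is refused by fifo_open(); the
 * expected errno is ENXIO. Returns 0 if the open unexpectedly succeeded,
 * otherwise the errno value. */
int fifo_open_nonblock_writer_errno(const char *path) {
    int fd = open(path, O_WRONLY | O_NONBLOCK);
    if (fd >= 0) { close(fd); return 0; }
    return errno;
}

int main(void) {
    const char *path = "/tmp/gr_fifo_example";   /* constructed sample path */
    printf("is_fifo=%d\n", fifo_create_and_check(path, 0600));
    printf("writer_errno=%d (ENXIO=%d)\n",
           fifo_open_nonblock_writer_errno(path), ENXIO);
    printf("reader_ok=%d\n", fifo_open_nonblock_reader_ok(path));
    unlink(path);
    return 0;
}
```

The permission bits passed to mkfifo() are what the disk-based file system's DAC check later evaluates on open(); the reader/writer asymmetry is fifo_open()'s own logic, reached only after that check has passed.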

5.3.3 System V IPC

The System V IPC consists of message queues, semaphores, and shared memory regions. Message queues
allow formatted data streams that are sent between processes. Semaphores allow processes to synchronize
execution. Shared memory segments allow multiple processes to share a portion of their virtual address
space.
This section describes data structures and algorithms used by the SLES kernel to implement the System V
IPC. This section also focuses on the implementation of the enforcement of DAC and the handling of object
reuse by the allocation algorithms.
The IPC mechanisms share the following common properties:

- Each mechanism is represented by a table in kernel memory whose entries define an instance of the
  mechanism.
- Each table entry contains a numeric key, which is used to reference a specific instance of the
  mechanism.
- Each table entry has an ownership designation and access permissions structure associated with it.
  The creator of an IPC object becomes its owner. This ownership can be transferred by the control
  system call of the IPC mechanism. The owner and root user are allowed to define and modify access
  permissions to the IPC object. Credentials of the process attempting access, ownership designation,
  and access permissions are used for enforcing DAC. The root user is allowed to override DAC setup
  through access permissions.
- Each table entry has a pointer to an ipc_security_struct type, which is not used by the SLES
  kernel.
- Each table entry includes status information such as time of last access or update.
- Each mechanism has a control system call to query and set status information, and to remove an
  instance of a mechanism.
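As an added example (not code from the original document), the program below walks one System V IPC object, a shared memory segment, through the properties listed above from user space: creation records the caller as creator and owner together with the requested permission bits; the control system call (shmctl()) queries that record with IPC_STAT, modifies the permissions with IPC_SET, and removes the instance with IPC_RMID. The helper names, the segment size and the mode values are the example's own assumptions; whether a given process is allowed to perform IPC_SET is decided by the kernel's DAC check against the ownership designation and credentials described in the text.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>

/* Hypothetical helper: allocate a private shared-memory segment with the
 * given permission bits. IPC_PRIVATE asks the kernel for a fresh key; the
 * low nine bits of the flags become the entry's access permissions. */
int shm_create(size_t size, int mode) {
    return shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | (mode & 0777));
}

/* Query the table entry with IPC_STAT and return its permission bits, -1 on error. */
int shm_mode(int id) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) < 0) return -1;
    return ds.shm_perm.mode & 0777;
}

/* Return 1 if the caller is recorded as both creator (cuid) and owner (uid). */
int shm_owned_by_caller(int id) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) < 0) return -1;
    return (ds.shm_perm.uid == getuid() && ds.shm_perm.cuid == getuid()) ? 1 : 0;
}

/* IPC_SET: change the permission bits (uid/gid are carried over unchanged
 * from IPC_STAT). Permitted only for the owner, the creator, or root. */
int shm_set_mode(int id, int mode) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) < 0) return -1;
    ds.shm_perm.mode = (unsigned short)(mode & 0777);
    if (shmctl(id, IPC_SET, &ds) < 0) return -1;
    return shm_mode(id);
}

/* IPC_RMID: with no process attached the segment is destroyed at once, so a
 * later IPC_STAT on the stale id fails. Returns 1 when that is observed. */
int shm_remove_and_verify(int id) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_RMID, NULL) < 0) return -1;
    return shmctl(id, IPC_STAT, &ds) < 0 ? 1 : 0;
}

/* Full lifecycle; returns 0 on success, otherwise the number of the failed step. */
int shm_lifecycle_demo(void) {
    int id = shm_create(4096, 0600);           /* constructed sample values */
    if (id < 0) return 1;
    if (shm_mode(id) != 0600) { shmctl(id, IPC_RMID, NULL); return 2; }
    if (shm_owned_by_caller(id) != 1) { shmctl(id, IPC_RMID, NULL); return 3; }
    if (shm_set_mode(id, 0640) != 0640) { shmctl(id, IPC_RMID, NULL); return 4; }
    if (shm_remove_and_verify(id) != 1) return 5;
    return 0;
}

int main(void) {
    int rc = shm_lifecycle_demo();
    printf("lifecycle %s (code %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

Because IPC objects are not tied to the lifetime of the creating process, the IPC_RMID step matters in practice: a segment that is created with permissive bits and never removed remains reachable by any process whose credentials satisfy the stored permissions until the table entry is explicitly deleted.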

5.3.3.1 Common data structures

The following list describes security-relevant common data structures that are used by all three IPC
mechanisms:

ipc_ids: The ipc_ids data structure contains fields such as size, which indicates the maximum number
of allocatable IPC resources; in_use, which holds the number of allocated IPC resources; and entries,
which points to the array of IPC resource descriptors.