From owner-freebsd-hackers Tue Oct 28 11:15:21 1997
From: njs3@doc.ic.ac.uk (Niall Smart)
Date: Tue, 28 Oct 1997 19:15:02 +0000
In-Reply-To: Terry Lambert "Re: Loading code from userland" (Oct 28, 5:57pm)
To: Terry Lambert, njs3@doc.ic.ac.uk (Niall Smart)
Subject: Re: Loading code from userland
Cc: freebsd-hackers@freebsd.org
Sender: owner-freebsd-hackers@freebsd.org

On Oct 28, 5:57pm, Terry Lambert wrote:
} Subject: Re: Loading code from userland
> > I was wondering how I can load code from user-land into the kernel in
> > a manner similar to dlopen() and dlsym()? For example, if I had an
> > encrypted file system then I might want to allow the user to load their
> > own encryption module which defined a set of operations such as
> > initialise(), encrypt_block(), decrypt_block() etc.
>
> You should procedurally abstract the interface so that the user
> code is run in user space, not kernel space, unless you believe
> you can trust all your users to not rewrite the "uid" portion
> of their own proc struct.

[ big snip ]

After re-reading my original post, it's clear that I was ambiguous
about what I was trying to do.

When I said 'user' I should have said 'the system administrator': the
encryption would be done on a filesystem basis rather than file by file,
user by user. My apologies and thanks to those who replied with ideas
of how to safely implement user-configuration of the kernel.

So, I'm trying to allow the system administrator to load a module which
can operate on the blocks before they get written to disk. This could
be used for compression or encryption. The question is how can I load
a module like this and register it with the filesystem implementation.
Loadable kernel modules?

Regards,

Niall