IBM 10 SP1 EAL4 Server User Manual


 
5.4.5.6 Generic calls
read(), write() and close(): read(), write() and close() are generic I/O system calls
that operate on a file descriptor. Depending on the type of object, whether regular file, directory, or socket,
appropriate object-specific functions are invoked.
5.4.5.7 Access control
DAC mediation is performed at bind() time. The socket(), bind(), connect(), listen(),
accept(), sendmsg(), recvmsg(), getsockname(), getpeername(), getsockopt(),
setsockopt(), and shutdown() syscalls may perform additional access control checks by calling
LSM hooks but the SLES kernel does not do this. read(), write(), and close() operations on
sockets do not perform any access control.
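The following is an added example, not part of the original document, illustrating the last sentence for a UNIX domain socket: once a connection is established, read() and write() on its descriptors still succeed after every permission bit on the socket file has been removed. The function name and the scratch directory under /tmp are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Returns 1 if data still flows over an established AF_UNIX connection
 * after all permission bits on the socket file are removed, 0 if it
 * does not, and -1 if the setup itself fails. */
int io_after_revoke(void)
{
    char dir[] = "/tmp/sockdemoXXXXXX";   /* constructed scratch directory */
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    char buf[8] = {0};
    int lfd = -1, cfd = -1, sfd = -1, result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(addr.sun_path, sizeof addr.sun_path, "%s/s", dir);

    lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd < 0 || cfd < 0) goto out;
    /* bind() creates the socket file, so directory permissions apply here. */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(lfd, 1) < 0)
        goto out;
    if (connect(cfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        (sfd = accept(lfd, NULL, NULL)) < 0)
        goto out;
    /* Remove every permission bit on the socket file after setup. */
    if (chmod(addr.sun_path, 0) < 0) goto out;
    /* Descriptor I/O is not mediated again, so the transfer still works. */
    result = write(cfd, "ping", 4) == 4 &&
             read(sfd, buf, sizeof buf) == 4 &&
             memcmp(buf, "ping", 4) == 0;
out:
    if (sfd >= 0) close(sfd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    unlink(addr.sun_path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("I/O after chmod 0: %s\n", io_after_revoke() == 1 ? "allowed" : "failed");
    return 0;
}
```

For a defender, the practical consequence is that tightening permissions on a socket file does not cut off peers that are already connected; those descriptors have to be closed.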
5.5 Memory management
The memory management subsystem is responsible for controlling process access to the hardware memory
resources. This is accomplished through a hardware memory-management system that provides a mapping
between process memory references and the machine's physical memory. The memory management
subsystem maintains this mapping on a per-process basis, so two processes can access the same virtual
memory address and actually use different physical memory locations. In addition, the memory management
subsystem supports swapping; it moves unused memory pages to persistent storage to allow the computer to
support more virtual memory than there is physical memory.
The memory management subsystem is composed of three modules:
• The architecture-specific module presents a virtual interface to the memory management hardware.
• The architecture-independent management module performs all of the per-process mapping and virtual memory swapping. This module is responsible for determining which memory pages will be evicted when there is a page fault; there is no separate policy module, since it is not expected that this policy will need to change.
Figure 5-22: Mapping read, write and close calls for sockets