On Fri, Apr 13, 2001 at 11:05:39PM +0000, David Wagner wrote: > Andrew Morgan wrote: > >As a simple example, "I need to add the following > >system calls to manipulate my foo-bar security hook" > > No, a better way to do this in Linux is probably to use the /proc/ > filesystem to configure your module. There is absolutely no need > to add a new system call to configure your model, and I think it is > a really bad idea. And an even better way is to make your model export a filesystem and just mount it somewhere. Then configure your module through calls through the filesystem, the new vfs layer makes this very simple to do (see the usbdevfs or shm filesystems for good examples of this.) This cuts down on the /proc/ bloat and is "the right thing to do" for 2.4+ kernels. But I do agree that both of these options are better than adding a new system call to the kernel. greg k-h (who loves just adding new nodes to /proc/ himself and needs to stop doing it...) -- greg@(kroah|wirex).com http://immunix.org/~greg _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 16:25:26 PDT