* $ from dawat_private at "13-Apr:11:12pm" | sed "1,$s/^/* /"
*
* [snip]
*
* If your modules can support allowed_to_open(), and my modules
* can deliberately skip implementing it, can we both go home happy?

Yes, as long as you accept that your applications will only work on your system and mine will only work on mine.

Oh, and common apps such as sendmail, apache, X need to support everybody's policies on a run-time basis....

* Or are you suggesting that supporting allowed_to_open() should be
* mandatory for all modules?
*

I think what I'm suggesting is the need for something to do for access control decisions what PAM did for authentication decisions, applications no longer have to hard-code their decisions for a policy fixed at compile time. I don't so much care whether it's pluggable modules or system calls, as an application developer I want one API that works no matter what the underlying security policy is.

Linus's design statement doesn't only apply to the kernel, the same logic applies to any large application that makes security decisions.

richard.

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology.
"Specialization is for insects"
__________________________________________http://reality.sgi.com/offer/

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 10:38:06 PDT