On Wed, 18 Apr 2001, Crispin Cowan wrote: > ... and that appears tobe a proposal to substantially expand the scope of this > project. > > * Architecturally, this coupling makes sense, because both tracing and security > need extensive hooking. > * Politically, it is much more questionable. Linus said he would accept a security > module abstraction. He said nothing about a trace facility. I agree with the abstraction of a security modules interface. I guess it will look like what VFS, sound, network' abstraction do. IMHO, I think a good abstraction of this interface will be cover the essatial(basic) security function only, not cover all hooks needed by all current security projects. Then all the security projects will build on top of it (inherit from this abstraction) and can still extend to do what they need to do. There are many abstract interface implmentation in Linux Kernel now, like VFS, Sound, Network, etc, I think we can learn from them. Just my .02 Yuan. -Huagang. -- Happy Hacking LIDS secure linux kernel http://www.lids.org/ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 04:18:08 PDT