Re: A Comment from User Space

From: Valdis.Kletnieksat_private
Date: Mon Apr 23 2001 - 19:15:55 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"

    On Mon, 23 Apr 2001 23:44:46 BST, dawat_private (David Wagner)  said:
    > 1. lsm_perror is inherently thread-unsafe (in contrast to perror).
    
    Why?  sed 's/perror/lsm_perror/g' < perror.c > lsm_perror.c
    
    and tell me what's thread-unsafe there?  Notice I said *NOTHING*
    about how lsm_perror.c should be implemented, and in fact, I've
    given *several* alternative implementations, from a null return
    as listed below, to a highly complicated IPC-based scheme, to
    something that workse the same way as perror.c (and should therefor
    be as thread-safe).
    
    > 2. I don't want to be forced to support lsm_perror in my module.
    >    I'd prefer to ignore it's existence, and I don't really want it
    >    cluttering my policy code.
    
    char * lsm_perror(int *goaway) { return "Permission Denied."; }
    
    Was that *so* hard?
    	
    > Therefore, I propose that this be left up to individual modules to
    > provide, or at least, that policy modules be free to do nothing whatsoever
    > to support lsm_perror.
    
    Umm.. I believe I said *several* times that was what I intended -
    perhaps with a restriction that if you intend to do "nothing
    whatsoever", you provide a stub like the one-liner above so programs
    can still link against it.
    
    /Valdis
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 19:16:53 PDT