Re: A Comment from User Space

• Previous message: David Wagner: "Re: A Comment from User Space"
• In reply to: Stephen Smalley: "Re: A Comment from User Space"
• Next in thread: Chris Wright: "Re: A Comment from User Space"
• Next in thread: Crispin Cowan: "Re: A Comment from User Space"
• Reply: Chris Wright: "Re: A Comment from User Space"
• Reply: Scott Leerssen: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephen Smalley  wrote:
>I would suggest that a number (but not all) of the LSM hooks
>need both pre- and post- hooks so that the module can both
>authorize/deny the operation and maintain state.

I agree.  My experience seems to agree with yours: Janus uses
post-hooks in a few places to maintain state.

Note my proposal earlier for special cases of hooks:
  int check_foo(args);   // pre-hook, for checking policy (can return -EPERM)
  void before_foo(args); // pre-hook, for maintaining state
  void after_foo(args); // post-hook, for maintaining state
Much of the Janus functionality falls into some combination
of these three simple categories, without needing interposition
in full generality.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: David Wagner: "Re: linux-security-module digest, Vol 1 #43 - 14 msgs"
• Previous message: David Wagner: "Re: A Comment from User Space"
• In reply to: Stephen Smalley: "Re: A Comment from User Space"
• Next in thread: Chris Wright: "Re: A Comment from User Space"
• Next in thread: Crispin Cowan: "Re: A Comment from User Space"
• Reply: Chris Wright: "Re: A Comment from User Space"
• Reply: Scott Leerssen: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 11:50:53 PDT