Re: A Comment from User Space

From: David Wagner (dawat_private)
Date: Tue Apr 24 2001 - 11:48:28 PDT

  • Next message: David Wagner: "Re: linux-security-module digest, Vol 1 #43 - 14 msgs"

    Stephen Smalley  wrote:
    >I would suggest that a number (but not all) of the LSM hooks
    >need both pre- and post- hooks so that the module can both
    >authorize/deny the operation and maintain state.
    
    I agree.  My experience seems to agree with yours: Janus uses
    post-hooks in a few places to maintain state.
    
    Note my proposal earlier for special cases of hooks:
      int check_foo(args);   // pre-hook, for checking policy (can return -EPERM)
      void before_foo(args); // pre-hook, for maintaining state
      void after_foo(args); // post-hook, for maintaining state
    Much of the Janus functionality falls into some combination
    of these three simple categories, without needing interposition
    in full generality.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 11:50:53 PDT