* David Wagner (dawat_private) wrote: > Stephen Smalley wrote: > >I would suggest that a number (but not all) of the LSM hooks > >need both pre- and post- hooks so that the module can both > >authorize/deny the operation and maintain state. > > I agree. My experience seems to agree with yours: Janus uses > post-hooks in a few places to maintain state. > > Note my proposal earlier for special cases of hooks: > int check_foo(args); // pre-hook, for checking policy (can return -EPERM) > void before_foo(args); // pre-hook, for maintaining state > void after_foo(args); // post-hook, for maintaining state > Much of the Janus functionality falls into some combination > of these three simple categories, without needing interposition > in full generality. is it possible to collapse before_foo into check_foo? just trying to be judicious with the interface. also, as my last posting said, i have added post hooks for a subset of inode operations. what more is needed? -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 11:57:52 PDT