Chris Wright wrote: >is it possible to collapse before_foo into check_foo? Yes. The main reason to separate them is to deal with multiple registrants who want to hook on the same event. You call check_foo() on all registrants first, then if all of them allow the event, you call before_foo() on all of them. If you have multiple registrants, this behaviour can't be emulated with a single "int pre_foo();" hook, and if you go with a single "int pre_foo();" hook now and later want to support multiple registrants, you may well have to change the interface in a non-backwards-compatible way. The tradeoff is that, in return for ability for the interface to upgrade gracefully to multiple registrants per hook without major changes to most modules, you end up with double the number of hook locations, which is unfortunate. I'll let you decide which is preferred. Personally, my guess is that in the long run, if we want to deal with multiple registrants, we might want the interface the kernel sees (security_ops) might be different from the interface module-writers see. However, in the short run I know everyone would like to get things working just in the simple case of a single module per process (and I think this view makes a *lot* of sense), so arguably the best strategy in the short run is to ignore multiple registrants for the current prototype and pay the costs of changing the interface later. My main point is just to keep in mind the possibility that there may be costs to be born later, if we later want to support multiple policies per process. P.S. I'm not sure whether Janus uses any other post-hooks: I'll have to take a closer look. Off the top of my head, I think the post-hooks we used were for fork()/vfork()/... and the process-death event. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 12:45:00 PDT