* Stephen Smalley <sdsat_private> [010424 05:59]: > It would probably be sufficient to only have a single system call > reserved for LSM, and multiplex requests through it. It would probably be sufficient for individual modules. If we ask Linus to set aside five syscalls for security purposes we will likely have a better time with the transition to multiplexed security modules in place -- as long as there is a recommendation somewhere that individual modules should use no more than one syscall. Would it be easy enough to build a new multiplexed syscall out of the two previously multiplexed syscalls? Or would it be best to let the whole idea of multiplexed security modules lie until this single-module version is finished? (I know I keep bringing it up, but there is method to my madness. If I recall, richard at sgi wants the current security checks hookable (i.e., the standard unix-like permission checking), the first 'planned' module seems to be (by consensus) the posix capabilities, and we all have our favorite 'third-party' module we want to use. That is three modules right there. Sure, few applications use posix capabilities, and it is unlikely the standard unix-like permissions will only be available in module form (for the folks who want speed) -- but I easily see the need for two modules loaded at once. :) -- Earthlink: The #1 provider of unsolicited bulk email to the Internet. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 13:58:00 PDT