Re: A Comment from User Space

From: Seth Arnold (sarnoldat_private)
Date: Tue Apr 24 2001 - 13:56:46 PDT

    * Stephen Smalley <sdsat_private> [010424 05:59]:
    > It would probably be sufficient to only have a single system call
    > reserved for LSM, and multiplex requests through it.
    
    It would probably be sufficient for individual modules. If we ask Linus
    to set aside five syscalls for security purposes we will likely have a
    better time with the transition to multiplexed security modules in
    place -- as long as there is a recommendation somewhere that individual
    modules should use no more than one syscall.
    
    Would it be easy enough to build a new multiplexed syscall out of the
    two previously multiplexed syscalls?
    
    Or would it be best to let the whole idea of multiplexed security
    modules lie until this single-module version is finished?
    
    (I know I keep bringing it up, but there is method to my madness. If I
    recall, richard at sgi wants the current security checks hookable (i.e.,
    the standard unix-like permission checking), the first 'planned' module
    seems to be (by consensus) the posix capabilities, and we all have our
    favorite 'third-party' module we want to use. That is three modules
    right there. Sure, few applications use posix capabilities, and it is
    unlikely the standard unix-like permissions will only be available in
    module form (for the folks who want speed) -- but I easily see the need
    for two modules loaded at once. :)
    
    -- 
    Earthlink: The #1 provider of unsolicited bulk email to the Internet.
    