On Tue, Apr 24, 2001 at 01:56:46PM -0700, Seth Arnold wrote: > Or would it be best to let the whole idea of multiplexed security > modules lie until this single-module version is finished? Yes, let's not bring it up anymore :) > (I know I keep bringing it up, but there is method to my madness. If I > recall, richard at sgi wants the current security checks hookable (i.e., > the standard unix-like permission checking), the first 'planned' module > seems to be (by consensus) the posix capabilities, and we all have our > favorite 'third-party' module we want to use. That is three modules > right there. Sure, few applications use posix capabilities, and it is > unlikely the standard unix-like permissions will only be available in > module form (for the folks who want speed) -- but I easily see the need > for two modules loaded at once. :) Capabilities will be able to be hooked. That's a given. It's up to the specific security module to hook them if they want to. So SubDomain will also hook into Capabilities. All the hooking logic goes into SubDomain (burden that it wants to do it.) This keeps the 99% of the world happy that only wants Capabilities and not the overhead of a hooking manager type interface. greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 14:11:05 PDT