Stephen Smalley wrote:
>Why is such an approach preferable to reserving an actual
>system call for use by security modules?

Maybe it's not! Possibly I am just being unnecessarily curmudgeonly, so maybe you shouldn't read too much into my expressions of skepticism on this one. If you can get buy-in from the appropriate Linux developers for reserving a set of system calls for use for security modules, I certainly won't stand in your way. As far as I'm concerned, go for it. (But it might be a good idea to get this buy-in early. I can't speak for anyone else, but nonetheless I think it might be prudent to be prepared for the possibility that some people might not be easily convinced on this issue.)

>If implementing system calls
>via pseudo file systems is the way to go, then why
>aren't the kernel developers migrating most of the
>existing system calls to such an approach?

Well, now, it should be clear why that's a different situation. We've got legacy code that uses those existing system calls; we've got syscalls for core functionality that should be present on every Unix system and is fundamental to the Linux kernel; and so on. It's not analogous. If you are looking for a compelling argument why we should add new system calls for security modules, I don't think this is it.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 17:10:57 PDT