Re: A Comment from User Space

From: David Wagner (dawat_private)
Date: Tue Apr 24 2001 - 17:08:18 PDT

    Stephen Smalley wrote:
    >Why is such an approach preferable to reserving an actual
    >system call for use by security modules?
    
    Maybe it's not!  Possibly I am just being unnecessarily
    curmudgeonly, so maybe you shouldn't read too much into my
    expressions of skepticism on this one.  If you can get buy-in
    from the appropriate Linux developers for reserving a set of
    system calls for use for security modules, I certainly won't
    stand in your way.  As far as I'm concerned, go for it.
    
    (But it might be a good idea to get this buy-in early.  I can't
    speak for anyone else, but nonetheless I think it might be prudent
    to be prepared for the possibility that some people might not be
    easily convinced on this issue.)
    
    >If implementing system calls
    >via pseudo file systems is the way to go, then why
    >aren't the kernel developers migrating most of the 
    >existing system calls to such an approach?
    
    Well, now, it should be clear why that's a different situation.
    We've got legacy code that uses those existing system calls; we've
    got syscalls for core functionality that should be present on every
    Unix system and is fundamental to the Linux kernel; and so on.  It's
    not analogous.  If you are looking for a compelling argument why we
    should add new system calls for security modules, I don't think this
    is it.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


