Greg KH wrote: > On Tue, May 01, 2001 at 08:03:48PM -0400, jmjonesat_private wrote: > > Okay, I stand corrected, but a loadable module DOES provide a means of > > extending the kernel to provide other functionality without actually > > touching the Kernel proper. Not So? > > Yes, that is true. I guess it depends on where you see the "kernel > proper" ending. Remember Linux is a monolithic kernel, it's all "proper" :) What loadable kernel modules do is separate the the kernel address space domain (what code can read/write directly to kernel memory) from the kernel source code domain (who can add code to the kernel, and whether they have to re-compile the whole kernel to do it): * Without loadable modules: if you wanna run some code inside the kernel's address space, you hafta patch the source and re-compile the kernel. A big hassle for all, and beyond the capabilities of many. * With loadable modules: someone can prepare a module that works with the standard kernel, and give it to their friends/customers. With no special knowledge and no re-compiling, that code runs inside the kernel address space. However, Greg's point stands: building kernel modules is not for amateurs. Someone who wants to build an LSM module had better be comfortable with kernel hacking. The LSM is about making it easy distribute & install such enhancements, not about making it user-friendly to write them. Naturally, we should make it as easy as possible to write LSM modules, but not at the expense of kernel mainline conventions. And there is no escaping the hard fact that you are writing kernel code when you write LSM module code. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue May 01 2001 - 17:58:44 PDT