Re: Extending a Security Module

From: sarnoldat_private
Date: Tue May 22 2001 - 13:30:04 PDT

  • Next message: Chris Wright: "Re: Extending a Security Module"

    On Tue, May 22, 2001 at 04:11:15PM -0400, jmjonesat_private wrote:
    > My suggestion involves only a few lines in the current 
    > patch, and certainly could be "erased" if a better idea
    > comes along, but the idea of stackable modules seems 
    > VERY core, at this point, *to me*.
    I tend to agree with David here; we need to get a solid, stable
    implementation of several modules before complicating the system
    As for the idea of stacking modules (knowingly ignoring my own advice
    from only one paragraph away! :) -- consider the following:
        o How modules interact is actually a policy. Building into the
          kernel any pieces that require making stacking possible may go
          against the policy implemented by any module.
        o Stacking can be emulated through another module -- one that loads
          and calls the other modules in turn, according to its policy.
    I think we would be better off to re-evaluate the situation later. It
    could be that enough people want exactly this functionality that it should
    be implemented in the kernel. What I think is more likely is a more
    flexible generic multiplexor module (provided by the kernel) to handle
    probably two or three modules.
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue May 22 2001 - 13:33:11 PDT