Re: Extending a Security Module

From: jmjonesat_private
Date: Tue May 22 2001 - 14:24:48 PDT

  • Next message: sarnoldat_private: "Re: Extending a Security Module"

    On Tue, 22 May 2001, Greg KH wrote:
    > On Tue, May 22, 2001 at 04:11:15PM -0400, jmjonesat_private wrote:
    > > 
    > > On 22 May 2001, David Wagner wrote:
    > > 
    > > > but is
    > > > getting into this discussion now a good idea?
    > Not again.  I thought we agreed to not worry about this right now. :)
    > > My suggestion involves only a few lines in the current 
    > > patch, and certainly could be "erased" if a better idea
    > > comes along, but the idea of stackable modules seems 
    > > VERY core, at this point, *to me*.
    > No it doesn't.  It requires every hook to add the ability to chain
    > modules.  Let's drop this for now and then bring it up when we have a
    > working system.
    Yes it does.  If the kernel calls the registered function, it's that 
    FUNCTIONS responsibility to chain, if desired.
    security_ops->register(security_operations *ops);
    to the original security ops structure, then 
    replace lines 275 and 276 of security.c with
    return security_ops->register(*ops);
    and you're done.  The hooks in the "kernel proper" make ONE call,
    end of story.
    The security_ops->unregister(...) takes a little thinking
    but it's similarly "trivial".
    > > Somebody used the phrase "The Unix Way" before.  The Unix 
    > > Way is to build small active components and mix and match 
    > > them to fit the specific needs of the system.  If only 
    > > ONE module is possible without back end fixes from the 
    > > module... that may be good for commercial module builders
    > > but I think it kind of "cripples" the "unix way".
    > "The Unix Way" does not pertain to kernel modules in any sense of the
    > phrase.  Think usermode programs, not kernelspace.
    Interest duality.  Will try.  But isn't the kernel Unix too?
    > greg k-h
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue May 22 2001 - 14:25:31 PDT