Re: Extending a Security Module

From: jmjonesat_private
Date: Tue May 22 2001 - 14:24:48 PDT


    On Tue, 22 May 2001, Greg KH wrote:
    
    > On Tue, May 22, 2001 at 04:11:15PM -0400, jmjonesat_private wrote:
    > > 
    > > On 22 May 2001, David Wagner wrote:
    > > 
    > > > but is
    > > > getting into this discussion now a good idea?
    > 
    > Not again.  I thought we agreed to not worry about this right now. :)
    > 
    > > My suggestion involves only a few lines in the current 
    > > patch, and certainly could be "erased" if a better idea
    > > comes along, but the idea of stackable modules seems 
    > > VERY core, at this point, *to me*.
    > 
    > No it doesn't.  It requires every hook to add the ability to chain
    > modules.  Let's drop this for now and then bring it up when we have a
    > working system.
    
    Yes it does.  If the kernel calls the registered function, it's that 
    FUNCTION's responsibility to chain, if desired.
    
    add 
    
    security_ops->register(security_operations *ops);
    
    to the original security ops structure, then 
    
    replace lines 275 and 276 of security.c with
    
    return security_ops->register(*ops);
    
    and you're done.  The hooks in the "kernel proper" make ONE call,
    end of story.
    
    The security_ops->unregister(...) takes a little thinking
    but it's similarly "trivial".
    
    > 
    > > Somebody used the phrase "The Unix Way" before.  The Unix 
    > > Way is to build small active components and mix and match 
    > > them to fit the specific needs of the system.  If only 
    > > ONE module is possible without back end fixes from the 
    > > module... that may be good for commercial module builders
    > > but I think it kind of "cripples" the "unix way".
    > 
    
    > "The Unix Way" does not pertain to kernel modules in any sense of the
    > phrase.  Think usermode programs, not kernelspace.
    
    Interesting duality.  Will try.  But isn't the kernel Unix too?
    
    > 
    > greg k-h
    > 
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
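
The delegation described in the message above, as an added example that is not part of the original post or of the LSM patch: a user-space C model in which the kernel-side hook makes one call and the first registered module decides whether to chain. Every name here is hypothetical, and the ops-table hook is called register_security because "register" is a reserved word in C.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical user-space model; all names are assumptions, not the LSM patch. */
struct security_operations {
    /* named register_security because "register" is a reserved word in C */
    int (*register_security)(struct security_operations *ops);
    int (*file_open)(const char *path);           /* one sample hook */
};

/* Default ops: allow everything, refuse to stack. */
static int no_stack(struct security_operations *ops) { (void)ops; return -EINVAL; }
static int allow_open(const char *path) { (void)path; return 0; }
static struct security_operations dummy_ops = { no_stack, allow_open };
static struct security_operations *security_ops = &dummy_ops;

/* "Kernel" side: the first module is installed, later ones are handed to it. */
int register_security(struct security_operations *ops)
{
    if (security_ops == &dummy_ops) { security_ops = ops; return 0; }
    return security_ops->register_security(ops);
}

/* The hook site makes exactly one indirect call. */
int kernel_file_open(const char *path) { return security_ops->file_open(path); }

/* Primary module: chooses to accept one secondary and to chain to it. */
static struct security_operations *secondary;
static int primary_register(struct security_operations *ops)
{
    if (secondary) return -EBUSY;                 /* only one stacked module here */
    secondary = ops;
    return 0;
}
static int primary_open(const char *path)
{
    if (path[0] != '/') return -EPERM;            /* own policy: absolute paths only */
    return secondary ? secondary->file_open(path) : 0;  /* a denial from either wins */
}
struct security_operations primary_ops = { primary_register, primary_open };

/* Secondary module: denies anything under /etc/, does not stack further. */
static int second_open(const char *path)
{
    return strncmp(path, "/etc/", 5) == 0 ? -EPERM : 0;
}
struct security_operations second_ops = { no_stack, second_open };
```

In this model the secondary module is consulted only if the primary's hook chooses to call it, so the combined policy is only as strict as the primary's chaining code.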
    
    



    This archive was generated by hypermail 2b30 : Tue May 22 2001 - 14:25:31 PDT