Valdis.Kletnieksat_private said: > We may not want to support multiple modules at the moment, but we certainly > *do* want to take a *little* time and at least make sure that we do things > in a fashion that isn't actively hostile to deploying them at a later date. > > We'd be remiss in not doing at least a "If we do it THIS way we can <handwave> > here and be done easily, but if we do it THAT way we'll have to <handwave>, > <wave dead chickens>, and <apply crowbars and high explosives> to fit it in > later".... I agree; I believe that having stackable modules (or at least knowing how to add them and anticipating them) is very important to making this work. However, the stacking infrastructure can be quite simple. The "hooks" can be designed so that they only call one function, and if you want to stack functions, you first load a "multiplexor". The multiplexor can then implement a particular mixing policy. I know this has been previously discussed. Making it possible to combine smaller components to implement something complex is more than the "Unix way"; it's a well-established technique. True, this is kernelspace, but even in the kernel this is true. Indeed, the whole point of Linux modules is to make it possible to break a system down into smaller components. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue May 22 2001 - 18:17:30 PDT