On Wed, May 23, 2001 at 01:53:19PM -0400, Matt Block wrote: > For stacking modules, it seems that the multiplexor approach > is much cleaner and more powerful than a chaining approach. > It appears (from language like, "pass it down the chain") Matt, I think the trick is that terminology differences caused problems. I think jmjones's proposal is in reality rather close to what I had suggested in the past (the multiplexor module idea is probably not original to me! :) -- but for whatever reason, it certainly did not sound that way and I rather incorrectly assumed his position. In private emails, I think the two of us hammered out that we really aren't that far off. If I understand his proposal, it is simply a convenient way to notify modules that other modules are trying to load. It still leaves unanswered the questions of how the opaque security blob is handled, however. jmjones was not suggesting that the virgin kernel (is "core kernel" better?) should be charged with marshalling the chaining. Instead, by providing some simple hooks, it is hoped to provide a more standard method of handling module multiplexing for those modules that wish to work with other modules. The first loaded module would be in charge of handling any chaining, or other aggregation techniques. Not the virgin kernel. I hope I got jmjones's position correct; I trust he will correct me where I am wrong. :) _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 23 2001 - 11:16:27 PDT