Re: stackable modules

From: sarnoldat_private
Date: Wed May 23 2001 - 11:12:57 PDT

  • Next message: Crispin Cowan: "Re: stackable modules"

    On Wed, May 23, 2001 at 01:53:19PM -0400, Matt Block wrote:
    > For stacking modules, it seems that the multiplexor approach
    > is much cleaner and more powerful than a chaining approach.
    > It appears (from language like, "pass it down the chain")
    Matt, I think the trick is that terminology differences caused problems.
    I think jmjones's proposal is in reality rather close to what I had
    suggested in the past (the multiplexor module idea is probably not
    original to me! :) -- but for whatever reason, it certainly did not sound
    that way and I rather incorrectly assumed his position.
    In private emails, I think the two of us hammered out that we really
    aren't that far off. If I understand his proposal, it is simply a
    convenient way to notify modules that other modules are trying to load.
    It still leaves unanswered the questions of how the opaque security blob
    is handled, however.
    jmjones was not suggesting that the virgin kernel (is "core kernel"
    better?) should be charged with marshalling the chaining. Instead, by
    providing some simple hooks, it is hoped to provide a more standard
    method of handling module multiplexing for those modules that wish to
    work with other modules. The first loaded module would be in charge of
    handling any chaining, or other aggregation techniques. Not the virgin
    I hope I got jmjones's position correct; I trust he will correct me
    where I am wrong. :)
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed May 23 2001 - 11:16:27 PDT