Re: stackable modules

From: Chris Wright (chrisat_private)
Date: Wed May 23 2001 - 11:27:53 PDT


    * Matt Block (blockdevat_private) wrote:
    > I've been lurking for a month.  This message will no doubt
    > demonstrate that a month was not enough.
    > 
    > For stacking modules, it seems that the multiplexor approach
    > is much cleaner and more powerful than a chaining approach.
    > It appears (from language like, "pass it down the chain")
    > that the original recommendation was for a sort of linked
    > list of modules- this, of course, will cause hell when the
    > admin decides to unload a module in the middle of the chain,
    > particularly if there is no way to pass the requirements
    > of that module around (so as to rip the appropriate stuff
    > out of the security blob).  It also offers no clear way
    > to add a module once the chain has been established.
    
    I think the idea is not too dissimilar from a multiplexor module.  It gives
    a new module the ability to register (like we have now) and if it is not the
    first module it would actually register with the first module (we don't
    currently support this).  Once later modules register with the first
    module, it becomes a sort of multiplexor.  The kernel hooks all remain the
    same, and in fact they continue to point at operations registered by the
    first module.  This proposal may not be ideal, but it solves the short-term
    need of leveraging the capabilities module (or whatever module) when
    developing your own module.
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
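
The registration scheme described in the reply above, modelled in userspace C as an added example; it is not code from the LSM patch or from anyone on the list. All struct and function names are hypothetical, and the "first denial wins" rule for combining modules is an assumption.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not the LSM patch's API. */
#define MAX_SUB 4
struct sec_ops { int (*file_open)(int uid); };  /* one illustrative hook */
static struct sec_ops *kernel_ops;   /* the only table the kernel hooks call */
static struct sec_ops *sub[MAX_SUB]; /* modules registered with the first one */
static size_t nsub;

/* Kernel-side registration succeeds only for the first module. */
int register_primary(struct sec_ops *ops) {
    if (kernel_ops) return -EEXIST;
    kernel_ops = ops;
    return 0;
}
/* Later modules register with the first module instead. */
int primary_register_sub(struct sec_ops *ops) {
    if (nsub == MAX_SUB) return -ENOSPC;
    sub[nsub++] = ops;
    return 0;
}
/* Unloading a stacked module edits this array only; kernel_ops is untouched. */
int primary_unregister_sub(struct sec_ops *ops) {
    for (size_t i = 0; i < nsub; i++)
        if (sub[i] == ops) { sub[i] = sub[--nsub]; return 0; }
    return -ENOENT;
}
/* First module's hook: stacked modules are consulted in turn and the first
 * denial wins (an assumed composition rule; the message does not give one). */
static int primary_file_open(int uid) {
    for (size_t i = 0; i < nsub; i++) {
        int rc = sub[i]->file_open(uid);
        if (rc) return rc;
    }
    return 0;  /* the first module's own policy would be checked here */
}
static int second_file_open(int uid) { return uid == 1000 ? -EACCES : 0; }
struct sec_ops primary = { primary_file_open }, second = { second_file_open };
/* What a module's init would do: try the kernel, fall back to the first module. */
int try_load(struct sec_ops *ops) {
    return register_primary(ops) == 0 ? 0 : primary_register_sub(ops);
}
/* The kernel call site never changes as modules come and go. */
int kernel_file_open(int uid) { return kernel_ops ? kernel_ops->file_open(uid) : 0; }
int main(void) {
    try_load(&primary); try_load(&second);
    printf("uid 1000 -> %d\n", kernel_file_open(1000));
    return 0;
}
```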
    



    This archive was generated by hypermail 2b30 : Wed May 23 2001 - 11:30:29 PDT