* Matt Block (blockdevat_private) wrote:
> I've been lurking for a month. This message will no doubt
> demonstrate that a month was not enough.
>
> For stacking modules, it seems that the multiplexor approach
> is much cleaner and more powerful than a chaining approach.
> It appears (from language like, "pass it down the chain")
> that the original recommendation was for a sort of linked
> list of modules- this, of course, will cause hell when the
> admin decides to unload a module in the middle of the chain,
> particularly if there is no way to pass the requirements
> of that module around (so as to rip the appropriate stuff
> out of the security blob). It also offers no clear way
> to add a module once the chain has been established.

I think the idea is not too dissimilar from a multiplexor module. It gives a new module the ability to register (like we have now) and if it is not the first module it would actually register with the first module (we don't currently support this). Once later modules register with the first module, it becomes a sort of multiplexor. The kernel hooks all remain the same, and in fact they continue to point at operations registered by the first module.

This proposal may not be ideal, but it solves the short term need of leveraging the capabilities module (or whatever module) when developing your own module.

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
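A user-space C model of the registration scheme described in the reply above, added here as an illustration; it is not code from the LSM patch or from either poster. The names `sec_ops`, `mod_register`, `register_stacked` and the sample policies are hypothetical, and the rule that the first denial wins is an assumption about how results are combined.

```c
#include <stddef.h>
#include <string.h>

/* Reduced, hypothetical hook table: one hook, plus the entry a primary
 * module exposes so that later modules can register with it. */
struct sec_ops {
    const char *name;
    int (*file_open)(const char *path);            /* 0 allow, -1 deny */
    int (*register_stacked)(struct sec_ops *ops);  /* NULL: cannot stack */
};
static struct sec_ops *security_ops;  /* what the kernel hooks call */
static struct sec_ops *stacked[4];    /* table owned by the primary */
static size_t n_stacked;

/* Primary: its own policy first, then every stacked module (assumed
 * composition: the first denial wins). */
static int primary_file_open(const char *path) {
    int rc = strcmp(path, "/etc/shadow") == 0 ? -1 : 0;
    for (size_t i = 0; rc == 0 && i < n_stacked; i++)
        rc = stacked[i]->file_open(path);
    return rc;
}
static int primary_register(struct sec_ops *ops) {
    if (n_stacked == sizeof stacked / sizeof stacked[0]) return -1;
    stacked[n_stacked++] = ops;
    return 0;
}
/* Unloading from the middle compacts the table; no neighbour relinks. */
int primary_unregister(const char *name) {
    for (size_t i = 0; i < n_stacked; i++) {
        if (strcmp(stacked[i]->name, name) != 0) continue;
        memmove(&stacked[i], &stacked[i + 1],
                (n_stacked - i - 1) * sizeof stacked[0]);
        n_stacked--;
        return 0;
    }
    return -1;
}
/* The first module owns the hooks; later ones are handed to it. */
int mod_register(struct sec_ops *ops) {
    if (!security_ops) { security_ops = ops; return 0; }
    if (!security_ops->register_stacked) return -1;
    return security_ops->register_stacked(ops);
}
/* Constructed sample policies. */
static int tmp_open(const char *p)  { return strncmp(p, "/tmp/", 5) == 0 ? -1 : 0; }
static int core_open(const char *p) { return strcmp(p, "/proc/kcore") == 0 ? -1 : 0; }
struct sec_ops primary_mod = { "primary", primary_file_open, primary_register };
struct sec_ops tmp_mod = { "tmp", tmp_open, NULL }, core_mod = { "core", core_open, NULL };
```

Register `primary_mod` first, then `tmp_mod` and `core_mod`; after `primary_unregister("tmp")` the `security_ops` pointer is unchanged and `core_mod` is still consulted. The model does not cover the security blob cleanup raised in the quoted message.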
This archive was generated by hypermail 2b30 : Wed May 23 2001 - 11:30:29 PDT