Stephen Smalley wrote: >It seems like we either need to push the entire access control logic >into the hook functions (so the hook functions can combine their >new logic with the old logic in any arbitrary way) or we need to >provide separate hooks for overriding grantings and overriding >denials. A third option (I am not suggesting it, but just trying to list all possibilities) if you want to enable the possibility to override the base logic is to always call the hook and pass in an argument that says whether the base logic would allow the operation or not, and let the hook return its decision (or return the argument, if the hook doesn't want to override the base logic). _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu May 31 2001 - 10:41:27 PDT