On Thu, 31 May 2001, Casey Schaufler wrote: > One can always write a policy which encompasses multiple > policy components, without resorting to composition. The > "dummy" functions should provide the "traditional" Linux > behavior. Any module which replaces the traditional (dummy) > modules will have to account for the traditional behavior, > either by maintaining it or replacing it. I don't think anyone is proposing that we provide the ultimate composition mechanism in the base kernel itself. But it would be very helpful if new modules (like MLS or DTE or SubDomain/CryptoMark or SELinux or ...) could re-use the implementation of the traditional behavior that will exist in the dummy functions rather than having to duplicate and maintain a separate copy. We can hopefully expect the Linux kernel developers to maintain the traditional logic in the dummy functions, so it would be ideal if our modules could easily be composed with that traditional logic. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 05:54:32 PDT