> In many cases, there won't be any kernel decision to pass to the hook. > For example, the inode create hook doesn't have any corresponding > kernel decision. The kernel decision for file creation was computed > by permission(), which was called by may_create(), so it is sufficient > to pass that decision to the permission() hook and let it be > authoritative. In other cases, it may be impractical to colocate the > kernel decision with the hook call. It seems more confusing to > provide the extra parameter even when there is nothing to pass. One additional observation on this topic: it is already the case that each hook has its own set of arguments that is specialized to its purpose (e.g the inode create hook passes the directory inode, the dentry, and the mode, while the ptrace hook passes the parent and child task structures). So it doesn't seem any less "uniform" to have some hooks that pass kernel decisions and some hooks that do not. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 07:01:26 PDT