Attached is a tiny patch to capability_plug.c which changes the exit code to allow it to unregister without error regardless of whether it was originally registered primary or secondary (I think, the usual "look at it" suggestion... seemed to pass my tests.) If modules are stacked and capability_plug is secondary to another module, it is possible that the primary module may be removed and reregister capability_plug as the primary... this sort of strategy helps modules in a stack/chain "get out clean"... leaving the "original" security intact, depending on how much we move out to the module. An example of this sort of case would be a module which can load other modules and provide statistics/information/tests, but slows the system. After running it for a while (maybe until the test is complete) to determine security is as expected, it could be removed to eliminate the cost. Perhaps some sort of power-up test/verification system. Submitted For Your Approval, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 11:18:23 PDT