On Tue, 24 Jul 2001, Wayne Salamon wrote: > > OK, but how many hooks do we want? Minimal, correct? Looking at ioctl.c, > I would suggest that we simply start by adding all of the hooks that are needed for each of the LSM-based projects and refactor as appropriate. I don't think we can anticipate every possible case at this stage. Let us assume that the combined requirements of selinux, rsbac, dte, sgi, immunix etc. constitute a reasonably generic set of security requirements for the kernel. In the netdevice case, we are checking userspace data and the hook needs to be down at the level where the data is normally copied. Also, I feel that the hook granularity is correct for this case, and provides a useful level of abstraction to the LSM module developer. - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 18:59:24 PDT