Re: The Demise of Simple Assurance?

• Next in thread: Shane Kerr: "Re: The Demise of Simple Assurance?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

richard offer  wrote:
>I thought that being fully authoritative using a single hook implied moving
>current kernel logic out into a module.

No, I don't think so.  Suppose the existing kernel code looks like
  rv = ... some complicated existing in-kernel check ...;
  if (rv < 0)
    goto out;
In this case, we replace the above code snippet with
  rv = ... some complicated existing in-kernel check ...;
  rv = security_ops->foo(rv, ...);
  if (rv < 0)
    goto out;
This doesn't seem to imply moving any of the current kernel logic into
the module.  Am I misunderstanding something?

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Lachlan McIlroy: "RE: FW: Hooks for MAC (updated)"
• Next in thread: Shane Kerr: "Re: The Demise of Simple Assurance?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 18:53:17 PDT