Re: The Demise of Simple Assurance?

From: David Wagner (dawat_private)
Date: Tue Jul 31 2001 - 17:44:11 PDT

  • Next message: Lachlan McIlroy: "RE: FW: Hooks for MAC (updated)"

    richard offer  wrote:
    >I thought that being fully authoritative using a single hook implied moving
    >current kernel logic out into a module.
    No, I don't think so.  Suppose the existing kernel code looks like
      rv = ... some complicated existing in-kernel check ...;
      if (rv < 0)
        goto out;
    In this case, we replace the above code snippet with
      rv = ... some complicated existing in-kernel check ...;
      rv = security_ops->foo(rv, ...);
      if (rv < 0)
        goto out;
    This doesn't seem to imply moving any of the current kernel logic into
    the module.  Am I misunderstanding something?
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 18:53:17 PDT