* frm crispinat_private "08/09/01 10:12:52 -0700" | sed '1,$s/^/* /' * * richard offer wrote: * * *> And we're going to get into the issue of "we're not going to accept your *> policy in phase 1" even if all that's required is an ID number. * * I do hope you're kidding. Yes. * *> Perhaps it should be vendor rather than policy specific ? It forces the *> vendor of the policy to be self consistant withing their organisation in *> terms of cmd codes and would require less changes to security.h before *> and after the code is mainlined ? * * From above, it's clear to me that Case 2 is the desirable one, and so I * agree that the syscall numbers only need to be consistent within a * "vendor". I prefer to think of it as a "family" of cooperating modules, * as it doesn't have to be a single vendor, and doesn't have to be * commercial. I was thinking that "vendor" meant someone who wrote a policy. It could as you say be a commercial company or an individual. But its up to them to arbitrate the use of cmds inside their "organisation". If an individual writes multiple policies, they would need to be aware of that.... * It could even be the case that one module provider could * plop themselves on top of a module provided by a different vendor by * strategically choosing numbers. Agreed, that seems like the best approach, and it should work. * * Crispin richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 11:05:23 PDT