Re: Possible system call interface for LSM

From: jmjonesat_private
Date: Thu Aug 09 2001 - 11:57:17 PDT

    To allow stacking modules to further multiplex between subordinate modules
    which may require the arbitration if loaded primary, but can co-exist
    under a stacked multiplexor module, could we create 
    
    #define SECURITY_VENDOR_PASS  (some value)
    
    change to 
    
           /* Make sure application is calling the right module */
           if (
                security_ops->module_id != SECURITY_VENDOR_PASS
                &&
                module_id != security_ops->module_id
              )
                   return -ENOPKG;
    
    and
    
           error = security_ops->syscall(module_id, cmd, kern_data, length);
    
    
    This would extend the value of a stacking module (a la option #2)
    somewhat by allowing it to further multiplex (possibly even translate for)
    subordinate modules.
    
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    On Thu, 9 Aug 2001, richard offer wrote:
    
    > 
    > 
    > * frm offerat_private "08/09/01 08:50:46 -0700" | sed '1,$s/^/* /'
    > *
    > * 
    > 
    > Attached is an updated version of Lachlan's
    > 
    >     The id has been changed to be based on vendors rather than policies.
    >     The length parameter is now passed by reference not value, void is used
    > rather than char.
    >     There is a copy flag in sys_security.
    >     sys_security was added to asm-i386/unistd.h
    > 
    > This patch is against the current bitkeeper tree (ChangeSetat_private,
    > 2001-08-07 23:39:41-07:00)
    >  
    > richard.
    > 
    > -----------------------------------------------------------------------
    > Richard Offer                     Technical Lead, Trust Technology, SGI
    > "Specialization is for insects"
    > _______________________________________________________________________
    > 
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
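
Added example, not part of the original message or of the LSM patch: a user-space C sketch of the check and dispatch proposed above, showing a stacking multiplexor registered under the pass-through id routing calls to subordinate modules. The value of SECURITY_VENDOR_PASS, the vendor ids, the reduced struct and every function name except the `syscall` hook are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#define SECURITY_VENDOR_PASS 0xFFFFFFFFu /* assumed; the post says "(some value)" */
#define VENDOR_A 0x41u                   /* hypothetical vendor ids */
#define VENDOR_B 0x42u

struct security_operations {             /* reduced to the two fields the post uses */
    unsigned int module_id;
    int (*syscall)(unsigned int module_id, unsigned int cmd, void *data, size_t *length);
};

/* Hypothetical subordinate modules: each returns a value identifying itself. */
static int a_syscall(unsigned int id, unsigned int cmd, void *d, size_t *len)
{ (void)id; (void)d; (void)len; return 100 + (int)cmd; }
static int b_syscall(unsigned int id, unsigned int cmd, void *d, size_t *len)
{ (void)id; (void)d; (void)len; return 200 + (int)cmd; }

static struct security_operations subs[] = { { VENDOR_A, a_syscall }, { VENDOR_B, b_syscall } };

/* Stacking multiplexor: the core no longer filters ids for it, so it must
 * reject ids it does not own, or the -ENOPKG guarantee is lost. */
static int mux_syscall(unsigned int id, unsigned int cmd, void *d, size_t *len)
{
    for (size_t i = 0; i < sizeof(subs) / sizeof(subs[0]); i++)
        if (subs[i].module_id == id)
            return subs[i].syscall(id, cmd, d, len);
    return -ENOPKG;
}

static struct security_operations mux_ops = { SECURITY_VENDOR_PASS, mux_syscall };
static struct security_operations single_ops = { VENDOR_A, a_syscall };
static struct security_operations *security_ops = &mux_ops;

/* User-space stand-in for the check and dispatch quoted in the message. */
int sys_security_sim(unsigned int module_id, unsigned int cmd, void *data, size_t *length)
{
    if (security_ops->module_id != SECURITY_VENDOR_PASS &&
        module_id != security_ops->module_id)
        return -ENOPKG;
    return security_ops->syscall(module_id, cmd, data, length);
}

int main(void)
{
    int ok = sys_security_sim(VENDOR_B, 2, NULL, NULL) == 202;
    security_ops = &single_ops;          /* primary module without pass-through */
    ok = ok && sys_security_sim(VENDOR_B, 2, NULL, NULL) == -ENOPKG;
    return ok ? 0 : 1;
}
```

With the pass-through id registered, the only remaining id validation is the multiplexor's own lookup, so that lookup is where an unknown vendor id has to be refused.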
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 11:58:41 PDT