On Thu, 9 Aug 2001, richard offer wrote:

> int (* syscall) (int cmd, int copy_flag, void *data, int
> *length);

I was thinking it would be something more like the socketcall interface, e.g.

    int (*syscall) (int call, unsigned long *args)

The number of arguments can either be determined from 'call' or (for a call with varying arguments) by making one of the elements of 'args' specify a length. And the generic security system call would be the same except for having the additional module_id/magic number parameter.

I would suggest that the generic security system call not do any copying at all, and merely defer all handling of that processing to the module. This seems reasonable for implementing new system calls, unlike the other security hooks where we don't want to pass user space pointers.

> The only problem I have about having security.h maintaining the list of
> policy ID numbers is that that is going to have to change every time someone
> writes a new policy.

This is a good point. With the current SELinux module, the module id/magic number is only defined in our header files that are used by our module and our library. There is no real reason to put these values in the security.h file. But we do need a way of registering values to avoid conflicts.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
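The socketcall-style dispatch discussed in this message, as an added user-space model that is not code from the thread, from LSM or from SELinux: the generic entry point checks only the module id and passes the user pointer through, while the module derives the argument count from 'call' and does its own bounded copy. Every name here (demo_*, DEMO_MODULE_ID, user_mem) and the choice of error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_MODULE_ID 0x5ec0de01UL /* constructed magic, not a registered id */
enum { DEMO_GET = 0, DEMO_SET = 1, DEMO_NCALLS };

/* Argument count per call, in the style of socketcall's per-call table. */
static const unsigned char demo_nargs[DEMO_NCALLS] = { 1, 2 };

/* Stand-in for user space: only this array is a valid "user" address range. */
static unsigned long user_mem[8];
static unsigned long demo_vals[2];  /* module state set and read by the calls */

/* Model of copy_from_user(): refuses any range not fully inside user_mem. */
static int demo_copy_from_user(unsigned long *dst, const unsigned long *src, size_t n)
{
    uintptr_t lo = (uintptr_t)user_mem, hi = (uintptr_t)(user_mem + 8);
    uintptr_t p = (uintptr_t)src;

    if (p < lo || p > hi || n * sizeof *src > hi - p)
        return -EFAULT;
    memcpy(dst, src, n * sizeof *src);
    return 0;
}

/* Module-side handler: validates 'call' first, then copies exactly nargs words. */
static long demo_module_syscall(int call, unsigned long *args)
{
    unsigned long a[2];

    if (call < 0 || call >= DEMO_NCALLS)
        return -EINVAL;             /* never index demo_nargs[] unchecked */
    if (demo_copy_from_user(a, args, demo_nargs[call]))
        return -EFAULT;
    if (a[0] >= 2)
        return -EINVAL;             /* slot index came from the caller */
    if (call == DEMO_SET) {
        demo_vals[a[0]] = a[1];
        return 0;
    }
    return (long)demo_vals[a[0]];
}

/* Generic security call: no copying, only the module id/magic check. */
long demo_security(unsigned long id, int call, unsigned long *args)
{
    if (id != DEMO_MODULE_ID)
        return -ENOSYS;             /* assumed error for an unknown module */
    return demo_module_syscall(call, args);
}
```

Because the generic call never dereferences 'args', every check on the pointer and on the call number has to live in the module, which is why the handler validates 'call' before using it as a table index.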