* frm dawat_private "08/09/01 17:44:16 +0000" | sed '1,$s/^/* /' * * Rather than having vendor identifiers, it might make more sense to have * module identifiers. (What if the Immunix folks want to put out both a * SubDomain LSM and a RaceGuard LSM? We shouldn't put barriers in the way * of this.) modules == policy. Having one id per policy is going to mean that us (LSM) and then Linus is going to be forced to take frequent patches to a header file just to support a global name name space. This is a real problem with how MAJOR and MINOR numbers were handled in pre-2.4. I'd like something that : 1) doesn't mean I have to annoy Linus every time I write a new policy. 2) still allows for propriatory policies, not that I want to use them, but there should be nothing technical from stopping that happen. 3) allows a "vendor" to grab a single ID and re-use it for multiple policies, on the understanding that they are then responsible for managing conflicts. This is what I plan on doing, since that puts the onus on me to make sure CAPP and LSPP work well together from an application pov. 4) Allows a "vendor" to "hide" their product plans by not leaking ID names out until the "product" is released. 5) Allows people to get their name in the linux header file :-) * * -- David * richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:48:45 PDT