Re: Possible system call interface for LSM

From: richard offer (offerat_private)
Date: Fri Aug 10 2001 - 07:36:00 PDT

    * frm gregat_private "08/09/01 22:52:57 -0700" | sed '1,$s/^/* /'
    *
    * Wow, ignore the mailing list for 1 day, and look what happens, a nice
    * technical debate :)
    * 
    * Anyway, thanks Lachlan for the patch that started everything off, and
    * for everyone else's discussion.
    * 
    * Here's my comments on the whole thing (just go look at the attached
    * patch if you don't care about my comments and just want to see what I've
    * actually applied to the tree...)
    * 
    * 
    *   - None of this registered numbers lunacy.  That way is madness.  If
    *     you are going to stack modules, the modules themselves are going to
    *     have to handle this themselves.  End of story.  If you want
    *     userspace to know that the SELinux module is loaded, examine some
    *     userspace visible thing (like a mounted file system, see next
    *     point.)
    
    We need some way for basic checking, Stephen's idea of simply passing the id
    through the system call into the module is a reasonable design.
    
    Without registration a 64bit value would be better than a 32bit one, but
    that's not going to fly.
    
    I suggest making it a void * rather than int, to make it absolutely clear
    that this is a policy specific entity that has no relevance to the kernel.
    
    * 
    * 
    * I think that about covers the whole thread.  Comments on the attached
    * patch, and why it doesn't work for your module?
    
    Can we have the discussion before the patch is applied? 
    
    Going from new topic through heated discussion to committed patch in a day
    is too fast, particularly when there are now vested interests (more work
    for you) if anything is changed.
    
    * 
    * thanks,
    * 
    * greg k-h
    
    richard.
    
    -----------------------------------------------------------------------
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    _______________________________________________________________________
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 07:37:39 PDT