On Fri, Aug 10, 2001 at 10:16:25AM -0400, Stephen Smalley wrote:
>
> I don't think it is unreasonable to add one more parameter to
> sys_security to pass a magic number/module id that identifies
> the desired module, rather than requiring modules to also provide
> a separate mechanism for indicating their presence. For simplicity, we
> could also add this parameter to the syscall hook and have
> sys_security pass it through, leaving the actual checking to the module.
> As far as registered numbers/ids go, I agree that they should not go into
> security.h and that we don't have to set up any kind of registry right
> now.

If we add it, what value does it really have? If you are stacking
modules you had better know how to do it. Hence you will know to keep
your syscall call parameter unique to let your stacked modules handle
things properly. Since it's 32 bits, you have plenty of room to keep
things from stomping on each other :)

> > I think that about covers the whole thread. Comments on the attached
> > patch, and why it doesn't work for your module?
>
> We should probably define __NR_lsm or __NR_security in
> include/asm-i386/unistd.h (and likewise for other supported
> architectures).

Oops, forgot that, I'll go add that in a bit. Thanks for pointing it
out.

But also remember, this syscall entry is _not_ registered as a "real"
syscall number until the patch gets into the kernel. So don't go
hardcoding that number into all your userspace tools :)

thanks,

greg k-h
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:43:39 PDT