* frm gregat_private "08/10/01 17:15:35 -0700" | sed '1,$s/^/* /'
*
* On Fri, Aug 10, 2001 at 05:01:31PM -0700, richard offer wrote:
*>
*> I could have no way to determine if my policy is loaded. Seriously, I
*> don't. Audit is invisible, so is MAC.
*
* But your module isn't. Look in /proc/modules. Call query_module(2).
* Any number of different ways to do this.

That assumes that it is a module, I may have compiled it into the kernel.

*
*> I'm not going to go and create a pseudo file system just to let
*> applications know that my policy is loaded. That's bogus. You'd rather
*> increase the kernel size than pass one extra parameter?
*
* No, I'd rather not overload an existing clean interface (syscalls) with
* a new functionality that will take time (computer time with the extra
* parameter)

And that is slower than opening a file?

* and administrative time (with people forced to register their
* modules with some central authority.)

I thought we'd all decided that a central repository wasn't a good idea
yesterday. Simply passing the value though doesn't require any admin.

* And how much bloat is creating a single /proc entry to let your
* userspace programs know that your module is loaded?

Well, now I need /proc compiled in, that's 46k.

Yesterday the argument was against using /proc instead of a system call.

*
* Come on, syscalls are not meant to do this. This shouldn't even be an
* argument.
*
* greg k-h
*

richard.

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 17:50:44 PDT