jmjonesat_private wrote: > On Fri, 10 Aug 2001, Crispin Cowan wrote: > > I believe that the argumenthere is that the compute cost of an extra > > parameter is paid by all modules on every call to the LSM syscall, vs. a > > one-time cost of accessing a pseudo-file to identify a module. The file > > access is slower, but occurs much less often, off the critical path. > > Relegate this to testing? By the time it's tested, it'll be so deep in > LSM that it will be a whole NEW argument to get it out. I have been > burned by this idea before and would rather not "sit tight" on it again. > (just me.) One of us is confused :-) I don't know what you mean by "relegate this to testing". I believe that we are all in agreement that there needs to be some way for an app to test if a given module is present, and we're discussing how best to do it. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 19:29:49 PDT