On Wed, 22 Aug 2001, James Morris wrote: > Yep, looks like a good solution. I'm just wondering (not sure if it > really matters) why we wouldn't create a new netlink_security_ops > structure for these hooks though. I could put these hooks into a new substructure, but I don't know if it is worthwhile to do so. In most cases, the substructures correspond to different kernel object types, so I was thinking that the netlink hooks should stay in the top-level structure. But we also have substructures for grouping related operations even when there is no particular kernel object, like the module_ops and ip_ops. And as both Chris Wright and I have previously observed, some of the current top-level hooks could be moved into substructures, possibly with some alterations (e.g. ptrace, capget, capset_check, and capset_set could all go into task_security_ops; all of the mount-related hooks could go into super_block_security_ops, especially if they were changed to use struct super_block instead of vfsmount - but that might break some modules). It doesn't really matter to me. Does anyone else care? -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 05:39:58 PDT