On Tue, 21 Aug 2001, Greg KH wrote: > However we are not forcing anyone to support this within the current lsm > patch. So the current lsm syscall interface will stay the same as it > currently is (which does allow you to do this if you so desire). See the tail end of Crispin's notes about the discussion at the Usenix Security BOF at http://mail.wirex.com/pipermail/linux-security-module/2001-August/001663.html. I again asked for an additional integer parameter in the sys_security interface and syscall hook that could (optionally) be used by the module for the purpose of module identification. The parameter would just be passed through by the sys_security call to the syscall hook. I also asked that the dummy module's syscall hook return -ENOSYS. And likewise for the capability plug, until such a time as the capability module actually implements new system calls other than the existing capget/capset. To my surprise, WireX seemed ok with the idea, and everyone else seemed to want it. But you weren't there, so feel free to chime in now. An alternative would be to use some of the bits of the call parameter to identify the module. But I would prefer a separate parameter for this purpose, and it doesn't seem to impose any significant burden on the interface to pass 3 words rather than 2. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 06:19:50 PDT