* frm steven_kramerat_private "08/22/01 07:42:19 -0400" | sed '1,$s/^/* /' * * * *> -----Original Message----- *> From: David Wheeler [mailto:dwheelerat_private] *> Could we include documentation on this parameter somewhere *> (at least in a comment)? Here's some starter documentation: *> *> The "modid" parameter identifies the security module, to *> support safety *> checking and "stacking" of multiple modules. Not all security *> modules care about the modid parameter value or follow the usual *> conventions; see the security module's *> documentation for more information. By convention, the modid value *> usually has the first 32 bits of the module name's MD5 hash, *> computed as: *> echo -n 'MODULE_NAME' | md5sum | head --bytes=8; echo *> Thus, the "world-domination" security module's modid is *> usually 0x95189e78. *> This approach eliminates the need for a central registry, *> supports safety *> and stacking, and retains the speed of a system call. *> *> I've no doubt that the people on this list will comment about *> this text :-). * * I took the bait. Realizing it's only a convention, I think it may be * better to use fewer bytes than 8 and leave some room for versioning of the * modules for when semantic changes are made to the interface. While still a convention :-) I suggest that its up to the policy to do their own versioning. If I do CAPP v1 and then release CAPP v2. Its in my best interest that those are compatable, I would do that by careful selection of cmd values rather than using a new modid. * * --steve kramer richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 07:28:56 PDT