Re: [PATCH] Authoritative hooks

From: jmjonesat_private
Date: Thu Aug 23 2001 - 09:41:21 PDT

    On Thu, 23 Aug 2001, Greg KH wrote:
    
    > On Thu, Aug 23, 2001 at 08:05:19AM -0400, Stephen Smalley wrote:
    > > 
    > > The size and cleanliness of the patch
    > > could affect acceptability by the kernel developers, so that may be
    > > a real concern.
    > 
    > That is a real concern at this point.  Keeping the original patch small
    > and "obvious" is very important.
    > 
    > I like Crispin's "roadmap".  After we get the original hooks in the
    > kernel, then we can move on to possibly changing them to a format like
    > this patch if people want them (and it looks like people do.)
    > 
    > Sound ok?
    
    It sounds less okay than the approach under consideration now.
    
    The idea under consideration seems to be "where obviously possible and
    useful", leaving the "very-hard" places restrictive_only.  
    
    This strategy minimizes the "size and cleanliness" impact of the change
    and allows audit and MAC/DAC precedence to be implemented in the module
    NOW, enhancing the functionality and "true generality" of the interface.
    This rides on the "pro" side of the scale, reducing the list of "can't 
    do issues" by a relatively large margin without going hog-wild and messing
    up the kernel too much.
    
    I'm hoping SGI and/or others will provide more detailed analysis of "is
    this enough" before a decision is made to commit to this strategy, but it
    appears to be quite a valuable idea, to me.
     
    > 
    > thanks,
    > 
    > greg k-h
    > 
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------

    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module