On 30 Aug 2001, David Wagner wrote: > In fact, is there any reason to pass the 'data' value to the hook at > all? Passing it seems like a temptation to shoot oneself in the foot. > Does anyone actually need this value to enforce policy? If someone > does need it, I think some cleanup of sys_bdflush() may be in order. > If noone needs it, the benefit of omitting it from the hook is that it > will force us to handle things correctly if someone eventually decides > they need access to this parameter. What do you think of this proposal? We don't need the data parameter for SELinux, but we included it as a parameter to the hook because it is sometimes a simple integer value (passed by value) rather than a pointer. So this is similar to the arg parameter to the fcntl hook, except that we specifically have a need for that parameter in SELinux. What do others think? Should we remove the data parameter from the bdflush hook or keep it with a clearly stated warning as we have done with the fcntl arg parameter? -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 31 2001 - 05:52:42 PDT