I was just hit with the idea of having a common header structure in all security blobs. What happens when module stacking is used and a module gets a security blob that was created by another module? Will it clobber the blob or get confused? Even if it knows that the information within the blob is meaningless, how does it put it's information in the blob without messing up the other module? We could manage multiple security policies by keeping a list of security blobs with each kernel data structure. Information that could be common to all security blobs would include a locking mechanism. A union of various types of locks will allow for the flexibility to select the lock you need without using too much memory. Information that could be module specific would include the module id so a module can find its security blob in the list of blobs. Any other reasons for or against this idea are welcome... but 'general reasons' will be frowned upon. --- Lachlan McIlroy Phone: +61 3 9596 4155 Trusted Linux Fax: +61 3 9596 2960 Adacel Technologies Ltd www.adacel.com _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 21:17:11 PDT