On 6 Sep 2001, David Wagner wrote: > I guess the're also another way to support stacking: use a multiplexing > module that does all the bookkeeping and dispatching of events to the > real policy modules. This would obviate the need for headers in the > security blob, at the cost of introducing another module. Right? I'm not sure how to support this cleanly without a common security blob header. The hook functions are passed pointers to the kernel objects, and are expected to set and access the security field by dereferencing the kernel object. So the multiplexing module would have to save the security field used for its information, set the security field appropriately for each module and invoke that module's hook, and then restore the security field to point to the multiplexing information. Similarly, for allocation, the multiplexing module would have to call each module's alloc_security hook, save the security field after the call, clear it, call the next module, ... and then finally set the security field to refer to the multiplexing information. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 10:39:28 PDT