Stephen Smalley wrote: >The hook functions are passed pointers to the kernel objects, and >are expected to set and access the security field by dereferencing the >kernel object. You're right. I forgot about this. This sort of thing, by the way, is one of the reasons I was earlier on advocating that we at least think in advance about how to support stacking (because it is likely to be much harder to add stacking after the fact if we don't at least consider the effect of our design decisions earlier). A possible fix: we could insist that hook functions not touch current->security directly, but rather call some interface (e.g., getsecurity(current)) to do it for them. Then we can have the multiplexor module implement this interface in an interesting way. But, this is only viable if we impose these abstractions early... _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 12:02:27 PDT