* Greg KH (gregat_private) wrote:
> I do recommend using a "magic value" as the first field of the security
> blob like Stephen mentioned. That's just good defensive programming.
>
> In short, if you want to do module stacking, you have to do all the
> heavy lifting yourself.

most important, the lsm interface (kernel hooks) doesn't know about module
stacking. having a magic value is helpful, the magic value could easily
be the first value of

    typedef struct security_blob {
        int magic;
        void *blob;
    } security_t;

this does help define a standard without any central committee (like we
did with sys_security). and doesn't force the kernel to be aware of
module stacking.

adding a list doesn't obviate the need for a multiplexor module

    typedef struct security_blob {
        int magic;
        struct list_head s_list;
        void *blob;
    } security_t;

something needs to collate the modules' decisions and generate an
aggregate result.

and if we add the magic number and list, we'd need to initialize them in
a generic fashion before calling the module's alloc_security() wouldn't
we?

-chris
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 12:26:31 PDT
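
The design discussed in the message above, as an added userspace sketch that is not code from this thread or from the LSM patch: a multiplexor sets the magic and list linkage generically before calling each module's alloc_security(), then collates the modules' decisions by looking up each module's blob by magic. The names lsm_module, mux_alloc, mux_permission, the two demo modules and their magic values are hypothetical, and a plain next pointer stands in for struct list_head s_list.

```c
#include <errno.h>
#include <stdlib.h>

struct security_blob {
    int magic;                  /* first field: identifies the owning module */
    struct security_blob *next; /* userspace stand-in for struct list_head s_list */
    void *blob;                 /* module-private data */
};
struct lsm_module {             /* hypothetical per-module descriptor */
    int magic;
    int (*alloc_security)(struct security_blob *sb);
    int (*permission)(const struct security_blob *sb, int mask);
};
/* Generic step: magic and list linkage are set before the module's alloc_security(). */
static int mux_alloc(struct security_blob **head, const struct lsm_module *m)
{
    struct security_blob *sb = malloc(sizeof(*sb));
    if (!sb) return -ENOMEM;
    *sb = (struct security_blob){ .magic = m->magic, .next = *head };
    int rc = m->alloc_security(sb);
    if (rc) { free(sb); return rc; }
    *head = sb;
    return 0;
}
/* Collate decisions: every stacked module must allow; the first denial is the result. */
static int mux_permission(const struct security_blob *head,
                          const struct lsm_module *m, size_t n, int mask)
{
    for (size_t i = 0; i < n; i++) {
        const struct security_blob *sb = head;
        while (sb && sb->magic != m[i].magic) sb = sb->next; /* match blob by magic */
        int rc = sb ? m[i].permission(sb, mask) : -EACCES;   /* missing blob fails closed */
        if (rc) return rc;
    }
    return 0;
}
/* Two constructed modules: A permits mask bits 0x3, B permits only 0x1. */
static int a_alloc(struct security_blob *sb) { static int ok = 0x3; sb->blob = &ok; return 0; }
static int b_alloc(struct security_blob *sb) { static int ok = 0x1; sb->blob = &ok; return 0; }
static int mask_perm(const struct security_blob *sb, int mask)
{ return (mask & ~*(const int *)sb->blob) ? -EACCES : 0; }
static const struct lsm_module demo_mods[2] = {
    { 0xA1, a_alloc, mask_perm }, { 0xB2, b_alloc, mask_perm } };

int main(void)
{
    struct security_blob *head = NULL;
    if (mux_alloc(&head, &demo_mods[0]) || mux_alloc(&head, &demo_mods[1])) return 1;
    return mux_permission(head, demo_mods, 2, 0x2) == -EACCES ? 0 : 1; /* B vetoes 0x2 */
}
```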