On Thu, 11 Oct 2001, Crispin Cowan wrote: > This looks like Richard trying to make the hook authoritative. It was > widely agreed at the August BOF that we would switch to authoritative > hooks if SGI could overcome a few obstacles. > > Is there any reason to object to this change besides "don't like > authoritative"? Actually, this change doesn't seem like an authoritative hook issue. It ensures that the post_create hook is always called (on success or failure), but it doesn't allow the post_create hook to change the return status. I was viewing this change as being either for audit purposes or to support stateful access control policies that need to be notified when an operation completes, regardless of whether the operation failed or succeeded (which could be alternatively viewed as an access control policy that depends on audit information). In any event, the change seems innocuous to me. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 12:02:03 PDT