security_register() and mod_reg_security() are different, philosophically, although they both use the verify function. I see a paradigm where passing a NULL pointer to mod_reg_security may be a request "not to change" the pointer, since module families may handle subsets. This is not a big problem, since the pointer can be set to 0xFFFFFFFFF... or whatever to signal the same case, but would it be terrible to make the two registrations different? (I like this patch for security_registration())... since subordinate registrations are validated by the module, not the kernel-proper? Sincerely, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ On Thu, 25 Oct 2001, Stephen Smalley wrote: > > On Thu, 25 Oct 2001, Stephen Smalley wrote: > > > If there isn't any easier way, I'll submit a patch to expand verify to > > cover all of the current hooks. > > A patch to expand the verify function to cover all current hooks is > attached. > > -- > Stephen D. Smalley, NAI Labs > ssmalleyat_private > > > > > _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 12:07:36 PDT