Re: [PATCH] add lsm null methods

From: James Morris (jmorrisat_private)
Date: Tue Dec 04 2001 - 00:20:58 PST


    On Mon, 3 Dec 2001, Chris Wright wrote:

    > This patch adds a new header file, lsm_null.h, which contains the "null"
    > implementation for every LSM hook.  The capability module is then
    > migrated to use of lsm_null.h.  This unclutters the module
    > substantially, and should help make it easier to reason what a module
    > does.
    >
    > patch is against current lsm-2.5.
    >
    > comments?

    Not all of the null hooks preserve existing behaviour.  I think it would
    be better to provide dummy hooks which can be safely used by developers
    who do not need to implement all of the hooks.  The default should be no
    change to existing behaviour, and any change should be explicitly
    implemented by the developer.

    Greg and I have briefly discussed off-list the possibility of providing a
    way to initialize a security_operations structure so that it has all of
    the dummy hooks by default, and developers only then need to override the
    hooks they require.

    I think this would solve the issue of clutter, as well as providing a
    "safe" default for unimplemented hooks.

    This idea has been put on hold in the expectation of possible changes to
    the security_operations structure (e.g. possibly flat, to reduce the
    number of pointer dereferences per hook call), which would affect how
    simply it could be implemented.

    - James

    James Morris
    linux-security-module mailing list
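
An added example, not code from the patch or from anyone in this thread, of the default-initialization idea discussed in the message above: a module sets only the hooks it needs, and a fill step points every remaining hook at a dummy that keeps the behaviour that would apply with no module loaded. The three-hook table, `security_fill_defaults`, `demo_task_kill`, and the dummy hooks' return values (including the superuser check in `dummy_capable`) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical, cut-down hook table; the real security_operations has many more hooks. */
struct security_operations {
    int (*capable)(unsigned euid, int cap);
    int (*inode_permission)(unsigned euid, int mask);
    int (*task_kill)(unsigned euid, int sig);
};

/* Dummy hooks: each keeps the behaviour assumed to exist without a module. */
static int dummy_capable(unsigned euid, int cap)
{
    (void)cap;
    return euid == 0 ? 0 : -EPERM;  /* assumption: classic superuser check */
}
static int dummy_inode_permission(unsigned euid, int mask)
{
    (void)euid; (void)mask;
    return 0;                       /* no restriction beyond the base checks */
}
static int dummy_task_kill(unsigned euid, int sig)
{
    (void)euid; (void)sig;
    return 0;
}

/* Fill every hook the module left NULL with its dummy; set hooks are kept. */
#define FIXUP(ops, hook) \
    do { if (!(ops)->hook) (ops)->hook = dummy_##hook; } while (0)

static void security_fill_defaults(struct security_operations *ops)
{
    FIXUP(ops, capable);
    FIXUP(ops, inode_permission);
    FIXUP(ops, task_kill);
}

/* Example module: overrides only task_kill (constructed policy: deny signal 9). */
static int demo_task_kill(unsigned euid, int sig)
{
    (void)euid;
    return sig == 9 ? -EPERM : 0;
}

static struct security_operations demo_ops = { .task_kill = demo_task_kill };

int main(void)
{
    security_fill_defaults(&demo_ops);
    return demo_ops.capable(1000, 0) == -EPERM ? 0 : 1;
}
```

A blanket "return 0" null hook in place of `dummy_capable` would grant the capability to the non-root caller, which is the kind of behaviour change an unimplemented hook should not introduce.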
