On Mon, 3 Dec 2001, Chris Wright wrote: > This patch adds a new header file, lsm_null.h, which contains the "null" > implementation for every LSM hook. The capability module is then > migrated to use of lsm_null.h. This unclutters the module > substantially, and should help make it easier to reason what a module > does. > > patch is against current lsm-2.5. > > comments? > > Not all of the null hooks preserve existing behaviour. I think it would be better to provide dummy hooks which can be safely used by developers who do not need to implement all of the hooks. The default should be no change to existing behaviour, and any change should be explicitly implemented by the developer. Greg and I have briefly discussed off-list the possibility of providing a way to initialize a security_operations structure so that it has all of the dummy hooks by default, and developers only then need to override the hooks they require. I think this would solve the issue of clutter, as well as providing a "safe" default for unimplemented hooks. This idea has been put on hold in the expectation of possible changes to the security_operations structure (e.g. possibly flat, to reduce the number of pointer dereferences per hook call), which would affect how simply it could be implemented. - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 00:22:33 PST