Chris Wright wrote: >Given that, I _am_ interested in a nice clean way to initialize the >security_ops struct that allows the module author to only overwrite the >hooks they care about (similar to the last solution you propose). This >is for code readability/maintainablity as well as possibly providing safe >fail-close solution. > Well said. I agree with Greg and Chris: binary compatibility has never been provided by Linux kernel modules, and it is not good for LSM to premptorily change that. However, it IS good for LSM to provide the kind of facility that Chris describes above, so that all LSM hooks are stubbed out by default, and only those hooks that the module writer wants to implement actually are operative. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 10:37:08 PDT