On Mon, Apr 15, 2002 at 10:31:57AM -0700, Crispin Cowan wrote: > > However, it IS good for LSM to provide the kind of facility that Chris > describes above, so that all LSM hooks are stubbed out by default, and > only those hooks that the module writer wants to implement actually are > operative. The other kernel apis that provide "fall back" defaults to interfaces, normally do it with a check like: if (foo->function) foo->function(baz); else default->function(baz); But we can't do that when we do the security hooks always being called (one of the original requirements from Linus.) And since C doesn't easily provide "inheritance" the possible solutions to this problem are quite ugly. I know James, Chris, and I have all tried different ways to do this. Personally, I was too embarrassed to show my solution, as it was some ugly code to just save some developer time. And since no other kernel interface provides this kind of "ease of use", I don't know if it would be accepted by anyone else. Chris has talked about exporting all of the dummy_* functions, but this still requires some work by the security module developer as new functions are added. I would accept this solution, but what does everyone else think? thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 11:04:31 PDT