Re: Maintaining LSM modules

From: Greg KH (gregat_private)
Date: Mon Apr 15 2002 - 10:02:54 PDT

  • Next message: Seth Arnold: "Re: Maintaining LSM modules"

    On Mon, Apr 15, 2002 at 10:31:57AM -0700, Crispin Cowan wrote:
    > 
    > However, it IS good for LSM to provide the kind of facility that Chris 
    > describes above, so that all LSM hooks are stubbed out by default, and 
    > only those hooks that the module writer wants to implement actually are 
    > operative.
    
    The other kernel apis that provide "fall back" defaults to interfaces,
    normally do it with a check like:
    	if (foo->function)
    		foo->function(baz);
    	else
    		default->function(baz);
    
    But we can't do that when we do the security hooks always being called
    (one of the original requirements from Linus.)
    
    And since C doesn't easily provide "inheritance" the possible solutions
    to this problem are quite ugly.  I know James, Chris, and I have all
    tried different ways to do this.  Personally, I was too embarrassed to
    show my solution, as it was some ugly code to just save some developer
    time.
    
    And since no other kernel interface provides this kind of "ease of use",
    I don't know if it would be accepted by anyone else.
    
    Chris has talked about exporting all of the dummy_* functions, but this
    still requires some work by the security module developer as new
    functions are added.  I would accept this solution, but what does
    everyone else think?
    
    thanks,
    
    greg k-h
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 11:04:31 PDT