As Richard Offer noted, I recommend that the security module ID
be created using a "standard convention", namely, the
first 8 characters of an md5sum of the name of the module:
echo "Name_of_module" | md5sum | cut -c -8
I would REALLY like to see this clearly stated
in the documentation, AT LEAST in the documentation for sys_security.
If everyone used this convention, then there's no (real) need for a
centralized web infrastructure just to keep track of names,
the odds of ID collision go WAY down, and it's really easy to do.
SELinux and SGI Trusted Linux are already using
this convention, so there are already modules that use it.
If anybody hates the convention, they don't need to use it,
but most people would rather just know a simple solution
that will solve the problem.
Would someone with CVS write access append the following (or something
like it) to the description of sys_security?:
To eliminate the need for a central registry of ids,
the recommended convention for creating the hexadecimal id value is:
'echo "Name_of_module" | md5sum | cut -c -8'.
C code will need to prefix this result with "0x".
For example, echo "SGI Trusted Linux" | md5sum | cut -c -8
would be used in C as #define SYS_SECURITY_MODID 0xc4c7be22.
I added the note about "0x" and the example to eliminate likely errors
and to help people apply it.
--- David A. Wheeler
dwheelerat_private
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 08:17:44 PDT