On Thu, 27 Jun 2002, Seth Arnold wrote: > Chris offfers a beer to whoever can come up with a slick solution so > that module authors don't have to define functions they don't care > about. I think this can be done relatively simply once the hooks are flattened out (I looked at this some months ago, and managing the double pointers was the only problem, IIRC). > We will need to flatten the security structure; who wants grunt work? > If nobody else is planning to do this, I should be able to have a look at this and the issue above sometime over the next week or so. Also, while thinking about a way to enable the netfilter IP hooks to be registered dynamically by modules, it ocurred to me that it would be simpler, faster and more flexible to actually remove these hooks from LSM and let modules register netfilter hooks directly as required. A dynamic registration interface would add more complexity to LSM, and may involve further performance hits to modules which use the hooks. The more lightweight we can make LSM the better, and direct netfilter registration would allow modules to use exactly the hooks/priorities they need, rather than the current defaults which probably don't suit anyone perfectly anyway. Comments? - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 05:47:51 PDT