On Mon, Jul 01, 2002 at 03:20:14PM -0700, MAILER-DAEMONat_private wrote: > I think we need to support running older modules on newer LSM > infrastructures, otherwise we're going to get into a viscious circle of > version-chicken (a module wants version LSM version X, version X wants > kernel Y, but I also need kernel Z (LSM version != X) because that is the > only version for which feature Q is available)... Richard, all it will take for older modules to run on newer kernels with different LSM interfaces (more hooks) is a recompile. Of course, the minute that kernel gets to a NULL entry in the security ops structure, it will Panic... (Nah, Chris's sanity checking code should find this problem, I think.) When your module doesn't have an entry that is in a new interface, you could do one of two simple things: (1) write a stub to return success (2) write a stub to return failure. If your module wants to think about it, you could write a function to actually think about it. :) I'd be pretty surprised if this becomes a problem. :) -- http://sardonix.org/
This archive was generated by hypermail 2b30 : Mon Jul 01 2002 - 16:14:25 PDT