Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations

Previous message: Lachlan McIlroy: "Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations"
Next in thread: Chris Wright: "Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations"
Reply: Chris Wright: "Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

dwheelerat_private

Chris suggested that modules that permit themselves
to be stacked do this:

if (can't register_security())
	if (can't mod_reg_security())
		bail;

But then I don't know which unregistration function
to call.  Now my wrappers look like this:

static int is_stacked = 0; /* Is this okay with multiple modules? */
...

if (can't register_security())
   if (mod_reg_security())
     is_stacked = 1;
   else
     bail;

and conversely, unregistering looks like this:

   if (is_stacked) mod_unreg_security()
   else            unregister_security();

It's not _horrific_, but it sure is more complex
(and less user-friendly) than:

   register_security();
and
   unregister_security();

If the consensus is that it's really important to
have two separate pairs of registration functions, then
I think the wrapping approach described above
needs to be explicitly given in the documentation
(line-by-line).   Will the above work, or have
I screwed something up?

--- David A. Wheeler
     dwheelerat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module