Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations

From: David Wheeler (dwheelerat_private)
Date: Fri Jul 19 2002 - 06:39:38 PDT

  • Next message: Chris Wright: "Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations"

    Chris suggested that modules that permit themselves
    to be stacked do this:
    
    if (can't register_security())
    	if (can't mod_reg_security())
    		bail;
    
    
    But then I don't know which unregistration function
    to call.  Now my wrappers look like this:
    
    static int is_stacked = 0; /* Is this okay with multiple modules? */
    ...
    
    if (can't register_security())
       if (mod_reg_security())
         is_stacked = 1;
       else
         bail;
    
    
    
    and conversely, unregistering looks like this:
    
       if (is_stacked) mod_unreg_security()
       else            unregister_security();
    
    
    It's not _horrific_, but it sure is more complex
    (and less user-friendly) than:
    
       register_security();
    and
       unregister_security();
    
    
    
    If the consensus is that it's really important to
    have two separate pairs of registration functions, then
    I think the wrapping approach described above
    needs to be explicitly given in the documentation
    (line-by-line).   Will the above work, or have
    I screwed something up?
    
    
    
    
    --- David A. Wheeler
         dwheelerat_private
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Jul 19 2002 - 06:46:40 PDT