* David Wheeler (dwheelerat_private) wrote: <snipped your more accurate code example> > It's not _horrific_, but it sure is more complex > (and less user-friendly) than: > > register_security(); > and > unregister_security(); > > If the consensus is that it's really important to > have two separate pairs of registration functions, then > I think the wrapping approach described above > needs to be explicitly given in the documentation > (line-by-line). Will the above work, or have > I screwed something up? The above works, it's how it is currently done. From the capbility module... static int __init capability_init (void) { /* register ourselves with the security framework */ if (register_security (&capability_ops)) { printk (KERN_INFO "Failure registering capabilities with the kernel\n"); /* try registering with primary module */ if (mod_reg_security (MY_NAME, &capability_ops)) { printk (KERN_INFO "Failure registering capabilities " "with primary security module.\n"); return -EINVAL; } secondary = 1; } printk (KERN_INFO "Capability LSM initialized\n"); return 0; } For a module like capability this works fine. It doesn't actually use the blobs, as they are the tricky part during stacking (as noted in this thread). thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 19 2002 - 07:19:29 PDT