dwheelerat_private wrote:

>Here's the problem: under the current interface,
>if there is a master "stacking" module
>with other modules underneath it, and a call to sys_security is made
>intending to contact a specific stacked module,
>there's no way to always return the correct return value
>from the module that was SUPPOSED to have been contacted.
>
>This is because the master "stacking" module has
>no way to know which LSM module should be called when it's given an id.
>It can call all of them, but all of them will return a value...
>

That was an intentional part of the interface design: the "ID" is not a formal part of the interface, only a notional convention. Only modules that choose to conform to some standard (such as Richard Offer's proposal of id=md5(module_name)) will actually use that argument as a module identifier.

The module multiplex module will need to choose an ID convention (Richard's proposal seems ideal). It will then only be able to multiplex modules that follow the convention.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
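A user-space Python model of the dispatch question in this exchange, added here as an illustration; it is not code from the LSM patch or from any poster. It contrasts a stacker that calls every module with one that routes by an id=md5(module_name) convention. Assumptions: the `Stacker` class, the module names and return values, and the reduction of the MD5 digest to a 32-bit id by taking its first four bytes.

```python
import hashlib

ENOSYS = 38  # errno value this model returns when no registered module claims the id


def module_id(name):
    """id = md5(module_name); truncating to the first 4 bytes is an assumption."""
    return int.from_bytes(hashlib.md5(name.encode()).digest()[:4], "big")


class Stacker:
    """Hypothetical model of a master "stacking" (multiplex) module."""

    def __init__(self):
        self.handlers = []   # every stacked module, in registration order
        self.by_id = {}      # only the modules that follow the id convention

    def register(self, name, handler, follows_convention=True):
        self.handlers.append(handler)
        if not follows_convention:
            return False     # stacked, but cannot be addressed by id
        mid = module_id(name)
        if mid in self.by_id:
            raise ValueError("id collision for %r" % name)
        self.by_id[mid] = handler
        return True

    def broadcast(self, call, args):
        """No convention: call all modules; one return value per module,
        with nothing to say which one the caller meant."""
        return [h(call, args) for h in self.handlers]

    def sys_security(self, id, call, args):
        """With the convention: exactly one module answers, or -ENOSYS."""
        handler = self.by_id.get(id)
        if handler is None:
            return -ENOSYS
        return handler(call, args)


if __name__ == "__main__":
    s = Stacker()
    # Constructed sample modules; names and return values are made up.
    s.register("module_a", lambda call, args: 11)
    s.register("module_b", lambda call, args: 22)
    s.register("legacy", lambda call, args: 33, follows_convention=False)
    print("broadcast:", s.broadcast(0, []))
    print("by id    :", s.sys_security(module_id("module_b"), 0, []))
    print("legacy   :", s.sys_security(module_id("legacy"), 0, []))
```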