Crispin Cowan proclaimed:

>That was an intentional part of the interface design: the "ID" is not a
>formal part of the interface, only a notional convention. Only modules
>that choose to conform to some standard (such as Richard Offer's
>proposal of id=md5(module_name)) will actually use that argument as a
>module identifier.
>
>The module multiplex module will need to choose an ID convention
>(Richard's proposal seems ideal). It will then only be able to multiplex
>modules that follow the convention.

ObNote: Actually, the ID convention was my idea/fault. Richard just removed the "-n" flag from echo.

I'd really prefer that the module expose its ID - if the module has one - to the multiplex module. If the module doesn't have an id, it can just pass a bogus one (say "0"). Many modules _are_ using the id as a formal part of the interface when dealing with sys_security anyway.

Currently, the multiplex module has to recompute the id if there is one. Again, this is silly since the caller knows its own id - it adds more code and slows performance for no gain in utility. For example, it means that every multiplexor has to drag in a lot of code just to recompute IDs (e.g., I have to pull in an MD5 implementation).

It's also dangerous if a module does not follow the current documented convention. For example, SELinux follows the original convention I suggested (using "-n"), so I have to special-case selinux (and the special case makes it harder for SELinux to change their id, should they choose to do so). All of this is unnecessary - if SELinux provided its id (which it knows anyway).
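The mismatch described in the message above, as an added example that is not part of the original post or of any LSM code: a multiplexor that recomputes IDs from module names misroutes a module hashed with the other `echo` convention unless it is special-cased, while one that is handed the ID needs no MD5 at all. The `Module` class, the routing functions, the module names other than selinux and the use of the full hex digest as the ID are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def id_documented(name):
    """md5 of `echo name` output (trailing newline), the convention without -n."""
    return hashlib.md5((name + "\n").encode()).hexdigest()

def id_original(name):
    """md5 of `echo -n name` output (no newline), the original convention."""
    return hashlib.md5(name.encode()).hexdigest()

@dataclass
class Module:               # hypothetical stand-in for a registered module
    name: str
    module_id: str          # id the module itself answers to; "0" = none

def route_by_recompute(modules, call_id, special_cases=frozenset()):
    """Multiplexor derives each id from the module name (needs MD5)."""
    for m in modules:
        derive = id_original if m.name in special_cases else id_documented
        if derive(m.name) == call_id:
            return m.name
    return None

def route_by_exposed_id(modules, call_id):
    """Multiplexor compares against the id each module passed in."""
    for m in modules:
        if m.module_id != "0" and m.module_id == call_id:
            return m.name
    return None

# Constructed sample registrations (assumed, not taken from real modules).
MODULES = [
    Module("selinux", id_original("selinux")),        # uses the -n form
    Module("examplemod", id_documented("examplemod")),
    Module("noidmod", "0"),                           # module without an id
]

if __name__ == "__main__":
    call = id_original("selinux")   # id a caller would send for selinux
    print("recompute, no special case:", route_by_recompute(MODULES, call))
    print("recompute, special-cased:  ",
          route_by_recompute(MODULES, call, {"selinux"}))
    print("exposed id:                ", route_by_exposed_id(MODULES, call))
```
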
This archive was generated by hypermail 2b30 : Sat Jul 20 2002 - 20:49:46 PDT