On Fri, Aug 23, 2002 at 03:42:45PM -0400, David Wheeler wrote:
>
> Yes, you could call every module.  But sys_security
> has a return value.  WHICH return value do you pass back?
> If you call every module, you have no idea which value to
> pass back. Checking for values like "-ENOSYS" won't help,
> that may be the value you wanted to send back!

-ENOSYS means that there is no system call here.  Remember, the system
call can only be handled by 1 module, based on the module id.  So only
the module that the call is for needs to return a valid value.

For example:

	int foo_sys_security (unsigned int id, unsigned int call, unsigned long *args)
	{
		if (id == MY_ID) {
			/* the call is for this module: handle it and return its value */
			return do_some_stuff(call, args);
		} else
			return child->sys_security(id, call, args);
	}

Where child is a pointer to the next module in the stack.

But I think you are thinking of a module that manages different
security modules, right?  If so then your stacking module's call would
look something like this:

	int stacker_sys_security (unsigned int id, unsigned int call, unsigned long *args)
	{
		struct list_head *list;
		struct stacked_modules *module;
		int retval = -ENOSYS;

		lock_the_list();
		list_for_each(list, &security_module_list) {
			module = container_of (list, struct stacked_modules, module);
			retval = module->ops->sys_security (id, call, args);
			/* stop at the first module that claims the call; break
			 * rather than jump past unlock_the_list() */
			if (retval != -ENOSYS)
				break;
		}
		unlock_the_list();
		return retval;
	}

Either way, you don't need to know the ids of the modules.

Does that help out?

thanks,

greg k-h

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
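Added example, not part of the original message and not code from the LSM project: a user-space C model of the stacking dispatch discussed above. The two modules, the ids MOD_A_ID and MOD_B_ID, and the counter standing in for the list lock are all constructed for illustration. It shows the first non-ENOSYS answer winning, the lock being released on every path, and the case from the quoted question where a module's own -ENOSYS cannot be told apart from "not my call".

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model: each module checks the id itself, the stacker never does. */
typedef int (*sys_security_fn)(unsigned int id, unsigned int call, unsigned long *args);

static int lock_depth;                        /* stands in for the list lock */
static void lock_the_list(void)   { lock_depth++; }
static void unlock_the_list(void) { lock_depth--; }
int list_lock_depth(void)         { return lock_depth; }

#define MOD_A_ID 0x41u                        /* hypothetical module ids */
#define MOD_B_ID 0x42u

static int mod_a_sys_security(unsigned int id, unsigned int call, unsigned long *args)
{
	(void)args;
	if (id != MOD_A_ID)
		return -ENOSYS;               /* not addressed to this module */
	return call == 1 ? 0 : -EINVAL;       /* distinct error for a bad call number */
}

static int mod_b_sys_security(unsigned int id, unsigned int call, unsigned long *args)
{
	(void)args;
	if (id != MOD_B_ID)
		return -ENOSYS;
	return call == 7 ? 123 : -ENOSYS;     /* own error collides with the sentinel */
}

static sys_security_fn modules[] = { mod_a_sys_security, mod_b_sys_security };

int stacker_sys_security(unsigned int id, unsigned int call, unsigned long *args)
{
	int retval = -ENOSYS;
	size_t i;

	lock_the_list();
	for (i = 0; i < sizeof(modules) / sizeof(modules[0]); i++) {
		retval = modules[i](id, call, args);
		if (retval != -ENOSYS)
			break;                /* first module that claims the call wins */
	}
	unlock_the_list();                    /* single exit path, lock always dropped */
	return retval;
}

int main(void)
{
	return stacker_sys_security(MOD_A_ID, 1, NULL) == 0 ? 0 : 1;
}
```

With this scheme a caller sees the same -ENOSYS for "no module has that id" and for module B rejecting call 9, so a module that wants its errors to be distinguishable has to pick a different code, as module A does with -EINVAL.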