Greg KH wrote:

>On Sun, Aug 25, 2002 at 08:44:55PM -0700, Crispin Cowan wrote:
>
>>Why is it difficult to change the module registration interface so that
>>a module can specify an ID number if it wants to? Let it specify 0 if it
>>doesn't want to play with the stacker.
>
>Because 99.99% of the modules will not have an id, or want to be
>stacked.

Ah, there's the point of contention. I think that closer to 90% of modules WILL want to be stacked. Sure, SELinux, SubDomain, and LIDS won't want to stack with each other. But they will all (likely) want to stack with OWLSM and Capabilities. That's just what I can see right now; it's not hard to imagine having two policy engines (managing different aspects of access control) wanting to run in the same place, and wanting the stacker module to MUX their system calls efficiently.

>>I'm not married to any of this, but I don't see huge cost to David's
>>request, and I do see some cost (and uglies) to the kludges he will have
>>to employ to work around it.
>
>I don't see either a cost, ugly, or kludges in my pseudo code. But
>I'm probably biased :) What do you object about it?

Polling the modules, fishing for the one that should respond to a syscall, instead of just going direct to the right module.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
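A user-space model of the two dispatch strategies contrasted in this message (polling every stacked module versus going direct by registered ID), as an added example that is not code from the thread or from the LSM patch. Every name, module ID and return code in it is constructed for illustration.

```c
#include <stddef.h>

#define MAX_MODULES 8
#define NOT_MINE (-38)   /* constructed code: "this call is not for me" */
#define DENY     (-1)    /* constructed code: access refused */

typedef int (*sec_handler_t)(unsigned int id, long arg);
struct sec_module { unsigned int id; sec_handler_t handler; };

static struct sec_module stack[MAX_MODULES];
static size_t nmodules;
static unsigned long handler_calls;   /* how many modules were entered */

/* Registration carries an ID; 0 means "I do not take part in stacking". */
int stacker_register(unsigned int id, sec_handler_t handler) {
    if (nmodules == MAX_MODULES) return -1;
    for (size_t i = 0; id != 0 && i < nmodules; i++)
        if (stack[i].id == id) return -1;      /* IDs must be unique */
    stack[nmodules++] = (struct sec_module){ id, handler };
    return 0;
}

/* Polling: offer the call to each module until one claims it. */
int dispatch_poll(unsigned int id, long arg) {
    for (size_t i = 0; i < nmodules; i++) {
        handler_calls++;
        int rc = stack[i].handler(id, arg);
        if (rc != NOT_MINE) return rc;
    }
    return NOT_MINE;
}

/* Direct: the stacker matches the registered ID and enters one module. */
int dispatch_direct(unsigned int id, long arg) {
    for (size_t i = 0; id != 0 && i < nmodules; i++)
        if (stack[i].id == id) { handler_calls++; return stack[i].handler(id, arg); }
    return NOT_MINE;
}

/* Three constructed modules; each allows non-negative arguments only. */
static int mod_a(unsigned int id, long arg) { return id != 0x41 ? NOT_MINE : (arg < 0 ? DENY : 0); }
static int mod_b(unsigned int id, long arg) { return id != 0x42 ? NOT_MINE : (arg < 0 ? DENY : 0); }
static int mod_c(unsigned int id, long arg) { return id != 0x43 ? NOT_MINE : (arg < 0 ? DENY : 0); }

void demo_setup(void) {
    nmodules = 0;
    stacker_register(0x41, mod_a); stacker_register(0x42, mod_b); stacker_register(0x43, mod_c);
}

/* Number of module handlers entered to route one call for the given ID. */
unsigned long count_calls(int direct, unsigned int id) {
    handler_calls = 0;
    (void)(direct ? dispatch_direct : dispatch_poll)(id, 0);
    return handler_calls;
}
```

In the polling variant, correct routing also depends on every module declining calls that are not its own, whereas the direct variant keeps that decision in the stacker.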
This archive was generated by hypermail 2b30 : Sun Aug 25 2002 - 21:12:20 PDT