On Sun, Aug 25, 2002 at 09:10:43PM -0700, Crispin Cowan wrote:
> Ah, there's the point of contention. I think that closer to 90% of
> modules WILL want to be stacked.

Then let's deal with that problem when those modules crawl out into the
light.

> Sure, SELinux, SubDomain, and LIDS won't want to stack with each other.
> But they will all (likely) want to stack with OWLSM and Capabilities.

OWLSM and capabilities do not use sys_security(), so there's no problem
with doing this today.

> Polling the modules, fishing for the one that should respond to a
> syscall, instead of just going direct to the right module.

So say you have stacked only 1 module. If it doesn't match your sig,
pass it down. If you are a multiplexor (like the original topic),
calling every different module is probably not a measurable difference
from doing the check yourself.

Only the SELinux and DTE modules implement sys_security() right now, and
neither of them supports stacking _or_ the module id. Heck, SELinux right
now just replaces the original sys_security syscall table entry with its
own entry, going around the original syscall :)

In short, it's not a real problem today, and if it becomes a problem
tomorrow, due to real speed issues, we can deal with it then.

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 08:44:36 PDT
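
The "if it doesn't match your sig, pass it down" dispatch discussed in the message above, as an added user-space sketch that is not code from the thread or from the LSM patch. The struct, function names, module ids and return values are hypothetical and constructed for illustration; the `polled` counter shows how many modules are asked before one claims the call.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical user-space model of stacked modules; not kernel LSM API. */
struct sec_module {
    unsigned int id;                                  /* module id ("sig") */
    int (*handle)(unsigned int call, unsigned long *args);
    struct sec_module *next;                          /* module stacked below */
    unsigned int polled;                              /* times it was asked */
};

/* Walk the stack: a module whose id does not match passes the call down. */
static int stacked_sys_security(struct sec_module *m, unsigned int id,
                                unsigned int call, unsigned long *args)
{
    for (; m != NULL; m = m->next) {
        m->polled++;
        if (m->id == id)
            return m->handle(call, args);
    }
    return -ENOSYS;   /* no module in the stack claimed this id */
}

/* Constructed handlers: each returns a distinct value so the caller can
 * tell which module answered. */
static int upper_handle(unsigned int call, unsigned long *args)
{
    (void)args;
    return call == 1 ? 10 : -EINVAL;
}

static int lower_handle(unsigned int call, unsigned long *args)
{
    (void)args;
    return call == 1 ? 20 : -EINVAL;
}

/* Constructed ids; "upper" is registered on top of "lower". */
static struct sec_module lower = { 0xB0B0u, lower_handle, NULL, 0 };
static struct sec_module upper = { 0xA0A0u, upper_handle, &lower, 0 };

int main(void)
{
    /* A call for the lower module costs one extra id comparison in upper. */
    int r = stacked_sys_security(&upper, 0xB0B0u, 1, NULL);
    return (r == 20 && upper.polled == 1 && lower.polled == 1) ? 0 : 1;
}
```
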