Re: Stacking - anyone care how to report module id's?

• Previous message: Crispin Cowan: "Re: Stacking - anyone care how to report module id's?"
• In reply to: Crispin Cowan: "Re: Stacking - anyone care how to report module id's?"
• Next in thread: jmjonesat_private: "Re: Stacking - anyone care how to report module id's?"
• Next in thread: Crispin Cowan: "Re: Stacking - anyone care how to report module id's?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 26, 2002 at 11:02:17AM -0700, Crispin Cowan wrote:
> Greg KH wrote:
> 
> >Huh?  What is going to scale poorly?  The current sys_security() call?
> >I don't see anything in the current code tha scales badly.  All I hear
> >is vague statements about how some code, sometime in the future that
> >impmenents a sys_security() hook, might not scale well.
> >
> Thus is the nature of API design: you design the interface for 
> anticipated future needs, not just what's on the table. "640k ought to 
> be enough for anybody." :)

This is not the nature of Linux kernel API design, sorry.  Go see the
_many_ threads about things like this on lkml over the years for
validation of this.

> >Come on people, if there is a real problem, I'd be glad to deal with it.
> >And as there is no posted code showing a problem,
> >
> But there IS code dealing with it: David came to the group *with code* 
> and pointed out that he cannot reasonably implement his Stacker function 
> with the API as-is. I don't count the polling response as "reasonable"; 
> that's a kludge to get around a limitation in the API.

And I posted code that David was happy with that works with the API
as-is.  Where's the problem?

As David is implementing a Stacker type module, he is going to have to
do exactly the same thing for _all_ hooks that you seem to find so ugly.
The sys_security() call is not a special case here.  David just didn't
realize that sys_security() needs to return -ENOSYS if that specific
module does not want to handle the sys_security() call.

It could be argued that the overhead for doing this kind of work for all
of the hooks is far greater than any overhead for the sys_security()
call, so something else needs to be changed to make it easier for
modules to stack, but I'm not going to bring that up...  :)

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: jmjonesat_private: "Re: Stacking - anyone care how to report module id's?"
• Previous message: Crispin Cowan: "Re: Stacking - anyone care how to report module id's?"
• In reply to: Crispin Cowan: "Re: Stacking - anyone care how to report module id's?"
• Next in thread: jmjonesat_private: "Re: Stacking - anyone care how to report module id's?"
• Next in thread: Crispin Cowan: "Re: Stacking - anyone care how to report module id's?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 11:16:32 PDT