Re: [RFC] No more module_* hooks

From: dlambrouat_private
Date: Fri Sep 27 2002 - 05:49:41 PDT

  • Next message: Greg KH: "Re: [RFC] No more module_* hooks"

    Quoting Antony Stone <Antony@Soft-Solutions.co.uk>:
    
    > On Friday 27 September 2002 1:19 pm, Stephen Smalley wrote:
    > 
    > > On Thu, 26 Sep 2002, Greg KH wrote:
    > 
    > > > In looking at the hooks that we have, that no one uses, module_*
    > were an
    > > > easy target.  So here's a series of patches that removes them.  If
    > no
    > > > one complains, I'll commit these to the main tree.
    > 
    > > Please see my response to Christoph on this issue, copied to the list.
    >  If
    > > the criteria is that every hook and every parameter to every hook must
    > be
    > > used by an existing open source security module, then a number of
    > the
    > > hooks and parameters need to be pruned.  But I don't think that this
    > is a
    > > good strategy, as it guarantees that the LSM hooks will need to be
    > > extended very frequently as people begin to truly take advantage of
    > LSM.
    > 
    > I agree with this.   We don't necessarily know everything that people
    > want to 
    > do, or are trying to do, with LSM, and removing some hooks just because
    > 
    > they're not being used right now is not, IMHO, the right way to prune
    > things.
    > 
    > If there seems to be a good reason in favour of removing something, then
    > 
    > let's consider removing it, but if the only reason is that we don't know
    > 
    > anyone who's using it (yet), then I say it should stay in.
    > 
    > 
    > Antony.
    > 
    > -- 
    > 
    > Documentation is like sex:
    > when it's good, it's very very good;
    > when it's bad, it's still better than nothing.
    > _______________________________________________
    > linux-security-module mailing list
    > linux-security-moduleat_private
    > http://mail.wirex.com/mailman/listinfo/linux-security-module
    > 
    
    
    So as I understand the module_* hooks will stay ,unless someone has a better
    reason to get rid of them, other than :
    
    > > > In looking at the hooks that we have, that no one uses, module_*
    > were an
    > > > easy target. So here's a series of patches that removes them
    
    Right ?
    
    I also agree with the point Stephen has made:
    
    >as people begin to truly take advantage of LSM.
    
    LSM is new and there will more and more new LSM implementations that utilize
    some hooks that other LSMs wont use.
    
    After all, LSM is meant to support many different access control models! 
    And in the Usenix paper for LSM it is pointed out that many access control
    implementations have already been "adapted" to use the LSM framework.
    And not adapt the LSM framework to the existing security modules.
     
    The framework should also be "truly generic", as it is mentioned in the same paper.
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 05:42:19 PDT