Re: [RFC] No more module_* hooks

• Previous message: Antony Stone: "Re: [RFC] No more module_* hooks"
• In reply to: Antony Stone: "Re: [RFC] No more module_* hooks"
• Next in thread: Greg KH: "Re: [RFC] No more module_* hooks"
• Next in thread: Greg KH: "Re: [RFC] No more module_* hooks"
• Reply: Greg KH: "Re: [RFC] No more module_* hooks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Antony Stone <Antony@Soft-Solutions.co.uk>:

> On Friday 27 September 2002 1:19 pm, Stephen Smalley wrote:
> 
> > On Thu, 26 Sep 2002, Greg KH wrote:
> 
> > > In looking at the hooks that we have, that no one uses, module_*
> were an
> > > easy target.  So here's a series of patches that removes them.  If
> no
> > > one complains, I'll commit these to the main tree.
> 
> > Please see my response to Christoph on this issue, copied to the list.
>  If
> > the criteria is that every hook and every parameter to every hook must
> be
> > used by an existing open source security module, then a number of
> the
> > hooks and parameters need to be pruned.  But I don't think that this
> is a
> > good strategy, as it guarantees that the LSM hooks will need to be
> > extended very frequently as people begin to truly take advantage of
> LSM.
> 
> I agree with this.   We don't necessarily know everything that people
> want to 
> do, or are trying to do, with LSM, and removing some hooks just because
> 
> they're not being used right now is not, IMHO, the right way to prune
> things.
> 
> If there seems to be a good reason in favour of removing something, then
> 
> let's consider removing it, but if the only reason is that we don't know
> 
> anyone who's using it (yet), then I say it should stay in.
> 
> 
> Antony.
> 
> -- 
> 
> Documentation is like sex:
> when it's good, it's very very good;
> when it's bad, it's still better than nothing.
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
> 


So as I understand the module_* hooks will stay ,unless someone has a better
reason to get rid of them, other than :

> > > In looking at the hooks that we have, that no one uses, module_*
> were an
> > > easy target. So here's a series of patches that removes them

Right ?

I also agree with the point Stephen has made:

>as people begin to truly take advantage of LSM.

LSM is new and there will more and more new LSM implementations that utilize
some hooks that other LSMs wont use.

After all, LSM is meant to support many different access control models! 
And in the Usenix paper for LSM it is pointed out that many access control
implementations have already been "adapted" to use the LSM framework.
And not adapt the LSM framework to the existing security modules.
 
The framework should also be "truly generic", as it is mentioned in the same paper.




_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: [RFC] No more module_* hooks"
• Previous message: Antony Stone: "Re: [RFC] No more module_* hooks"
• In reply to: Antony Stone: "Re: [RFC] No more module_* hooks"
• Next in thread: Greg KH: "Re: [RFC] No more module_* hooks"
• Next in thread: Greg KH: "Re: [RFC] No more module_* hooks"
• Reply: Greg KH: "Re: [RFC] No more module_* hooks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 05:42:19 PDT