On Friday 27 September 2002 5:34 pm, Greg KH wrote: > On Fri, Sep 27, 2002 at 08:09:50AM -0400, Stephen Smalley wrote: > > > Also is there a _real_ need to pass in all the arguments? > > > > Define _real_. It is true that none of the existing open source security > > modules presently use this particular hook. SELinux doesn't presently > > use it, but it seems reasonable to support finer-grained control over > > ioperm() than the all-or-nothing CAP_SYS_RAWIO. Is the criteria that > > every hook and every parameter to every hook must be used by an existing > > open source security module? If so, then yes, this hook can be dropped. > > Yes, I think that is the criteria for any security hook. So it (and > others) should be dropped. Why do you want to stop any new open source projects from having access to these hooks, just because they are not being used by current projects ? It seems like saying a couple of years ago "no-one's using these USB functions, so we're going to get rid of them", simply because not enough people had bought USB stuff to play with yet. I think you run the risk of seriously restricting the wider take-up of LSM if you remove parts of it without a good reason (such as conflicts with something else which is deemed more important, or a significant change to the overall architecture). Antony. -- Abandon hope, all ye who enter here. You'll feel much better about things once you do. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 09:49:27 PDT