On Fri, 27 Sep 2002, Greg KH wrote: > Yes, I think this has always been the criteria for adding hooks. If so, then this criteria wasn't well-communicated or well-enforced, as there are a number of hooks in the LSM patch that are not used by any of the publically available security modules. As I recall, there were a number of hooks added after capable() calls to provide finer-grained control over privileged operations without any specific security module motivating the hook. I think that the rationale for some hooks was simply to provide a consistent and comprehensive interface for controlling kernel operations and kernel objects. LSM simply exposes the kernel objects and operations to security modules. The definition of the LSM hooks can be driven by the kernel's abstractions and operations; they do not have to be dependent on particular security modules. On the other hand, LSM does not try to be truly comprehensive in its fine-grained hooks and does depend on the capable() hook for many operations. So perhaps these hooks are merely cases where we thought we might need finer granularity and it hasn't turned out that way. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 11:30:37 PDT