Re: [RFC] No more module_* hooks

From: Stephen Smalley (sdsat_private)
Date: Fri Sep 27 2002 - 11:28:45 PDT

    On Fri, 27 Sep 2002, Greg KH wrote:
    
    > Yes, I think this has always been the criterion for adding hooks.
    
    If so, then this criterion wasn't well-communicated or well-enforced, as
    there are a number of hooks in the LSM patch that are not used by any
    of the publicly available security modules.  As I recall, there were a
    number of hooks added after capable() calls to provide finer-grained
    control over privileged operations without any specific security module
    motivating the hook.
    
    I think that the rationale for some hooks was simply to provide a
    consistent and comprehensive interface for controlling kernel operations
    and kernel objects.  LSM simply exposes the kernel objects and operations
    to security modules.  The definition of the LSM hooks can be driven by the
    kernel's abstractions and operations; they do not have to be dependent on
    particular security modules.
    
    On the other hand, LSM does not try to be truly comprehensive in its
    fine-grained hooks and does depend on the capable() hook for many
    operations.  So perhaps these hooks are merely cases where we thought we
    might need finer granularity and it hasn't turned out that way.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module