Re: [RFC] No more module_* hooks

From: Chris Wright (chrisat_private)
Date: Mon Sep 30 2002 - 01:14:35 PDT

  • Next message: Mike Wray: "Re: graft_tree/attach_mnt rfc"

    * Greg KH (gregat_private) wrote:
    > 
    > Obviously the module_* hooks were wrong to do, as they are not being
    > used.  So I want to remove them.
    
    Greg, I think this is a step in the wrong direction (backwards).  Granted,
    the module_* hooks are duplicates with capable() hooks, but removing
    them is wrong.  I believe the right thing to do is bite the bullet and
    deal with the duplication by removing the capable() hooks.
    
    kernel/module.c (x3)
    kernel/sysctl.c (x1)
    net/core/dev.c  (x1)
    
    are the only refs I see...the first three being painfully simple ;-)
    
    > I think we should go back through all of the hooks and check to make
    > sure that they are in use, and that they are sanely protecting what we
    > think they are protecting, before we submit them to the main kernel
    > tree.
    > 
    > Is this ok?
    
    This seems more than reasonable, but I believe we should consider
    collapsing capable() hooks into existing LSM hooks rather than the other
    way around.  How's that sound?
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 01:22:14 PDT