Re: [RFC] No more module_* hooks

From: James Morris (jmorrisat_private)
Date: Wed Oct 02 2002 - 05:05:47 PDT

  • Next message: Wayne Salamon: "New patches"

    On Sun, 29 Sep 2002, James Morris wrote:
    
    > Yes.  There are some networking hooks which (AFAIK) are not being used by 
    > public GPL projects, which will probably have to be omitted.
    
    Just a clarification on this.  The hooks in question are ip_fragment(),
    ip_defragment(), ip_encapsulate() and ip_decapsulate().  Technically they 
    are being used by SELinux, which exposes them via its NSID API for 
    use in labeled networking.  However, nothing is currently using these 
    components of the NSID API.  If the acid test for submission of hooks to 
    the mainline kernel is use by a GPL module, I'm not sure how well this 
    passes.  Certainly, these hooks are necessary for explicitly labeled 
    networking, and I'd really prefer not to see them go.  The encap/decap 
    hooks are also potentially useful for nested SA processing under IPsec.
    
    It would help a lot if anyone else who may be using these hooks could let 
    us know (or preferably release some code).
    
    
    - James
    -- 
    James Morris
    <jmorrisat_private>
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 05:06:28 PDT