Hey! Wait! Stacker uses module_delete! Please don't remove that hook!

If you look at the code for the Stacker LSM (http://www.dwheeler.com/misc/stacker.c), you'll find code for stacker_module_delete. In the default case, this code prevents users from removing modules that are stacked UNLESS they have been deactivated first.

For speed, Stacker by default DOES NOT lock individual access requests. Thus, if it simply allowed stacked modules to be removed, removing those modules would essentially guarantee a kernel panic. You can't "just wait" either, because without locks the kernel doesn't know how long to wait. Instead, it imposes an additional step before modules can be removed.

Stacker is a GPL'ed LSM module, and has been released to the public for some time. Sorry I haven't spoken up before, I've been off doing other things.

By the way, does the elimination of module_* mean that LSM is unable to implement the BSD jail() function (where some root users can't do certain functions)? I think it does. I don't know if anyone thinks that's a problem.

--- David A. Wheeler

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 12:14:57 PDT