Re: [RFC] No more module_* hooks

From: Mike Wray (mike_wrayat_private)
Date: Fri Oct 04 2002 - 02:17:16 PDT

    ----- Original Message ----- 
    From: "James Morris" <jmorrisat_private>
    To: "Greg KH" <gregat_private>
    Cc: "Stephen Smalley" <sdsat_private>; <linux-security-moduleat_private>
    Sent: Wednesday, October 02, 2002 1:05 PM
    Subject: Re: [RFC] No more module_* hooks

    > On Sun, 29 Sep 2002, James Morris wrote:
    > > Yes.  There are some networking hooks which (AFAIK) are not being used by
    > > public GPL projects, which will probably have to be omitted.
    >
    > Just a clarification on this.  The hooks in question are ip_fragment(),
    > ip_defragment(), ip_encapsulate() and ip_decapsulate().  Technically they
    > are being used by SELinux, which exposes them via its NSID API for
    > use in labeled networking.  However, nothing is currently using these
    > components of the NSID API.  If the acid test for submission of hooks to
    > the mainline kernel is use by a GPL module, I'm not sure how well this
    > passes.  Certainly, these hooks are necessary for explicitly labeled
    > networking, and I'd really prefer not to see them go.  The encap/decap
    > hooks are also potentially useful for nested SA processing under IPsec.
    > It would help a lot if anyone else who may be using these hooks could let
    > us know (or preferably release some code).

    The module we are working on uses ip_fragment() and ip_defragment(),
    but not the others. I'd prefer the ip_encapsulate(), ip_decapsulate()
    hooks to stay for the same reasons as above. And since SELinux has code
    attached to them I'd say they are 'in-use'.