----- Original Message ----- From: "James Morris" <jmorrisat_private> To: "Greg KH" <gregat_private> Cc: "Stephen Smalley" <sdsat_private>; <linux-security-moduleat_private> Sent: Wednesday, October 02, 2002 1:05 PM Subject: Re: [RFC] No more module_* hooks > On Sun, 29 Sep 2002, James Morris wrote: > > > Yes. There are some networking hooks which (AFAIK) are not being used by > > public GPL projects, which will probably have to be omitted. > > Just a clarification on this. The hooks in question are ip_fragment(), > ip_defragment(), ip_encapsulate() and ip_decapsulate(). Technically they > are being used by SELinux, which exposes them via its NSID API for > use in labeled networking. However, nothing is currently using these > components of the NSID API. If the acid test for submission of hooks to > the mainline kernel is use by a GPL module, I'm not sure how well this > passes. Certainly, these hooks are necessary for explicitly labeled > networking, and I'd really prefer not to see them go. The encap/decap > hooks are also potentially useful for nested SA processing under IPsec. > > It would help a lot if anyone else who may be using these hooks could let > us know (or preferably release some code). > The module we are working on uses ip_fragment(), and ip_defragment(), but not the others. I'd prefer the ip_enacpsulate(), ip_decapsulate() hooks to stay for the same reasons as above. And since SELinux has code attached to them I'd say they are 'in-use'. Mike _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 02:18:14 PDT