Re: [PATCH] remove sys_security

From: Greg KH (gregat_private)
Date: Thu Oct 17 2002 - 13:10:31 PDT

  • Next message: Christoph Hellwig: "Re: [PATCH] remove sys_security"

    On Thu, Oct 17, 2002 at 09:04:02PM +0100, Christoph Hellwig wrote:
    > On Thu, Oct 17, 2002 at 12:07:23PM -0700, Greg KH wrote:
    > > But this will require every security module project to petition for a
    > > syscall, which would be a pain, and is the whole point of having this
    > > sys_security call.
    > 
    > And the whole point of the reemoval is to not make adding syscalls
    > easy.  Adding a syscall needs review and most often you actually want
    > a saner interface.
    
    Ok, I think it's time for someone who actually cares about the security
    syscall to step up here to try to defend the existing interface.  I'm
    pretty sure Ericsson, HP, SELinux, and WireX all use this, so they need
    to be the ones defending it.
    
    > > How would they be done differently now?  Multiple different syscalls?
    > 
    > Yes.
    
    Hm, in looking at the SELinux documentation, here's a list of the
    syscalls they need:
    	http://www.nsa.gov/selinux/docs2.html
    
    That's a lot of syscalls :)
    
    thanks,
    
    greg k-h
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 13:11:22 PDT