From: Crispin Cowan <crispinat_private> Date: Fri, 18 Oct 2002 00:04:00 -0700 Christoph Hellwig wrote: >On Thu, Oct 17, 2002 at 01:10:31PM -0700, Greg KH wrote: >I know. but hiding them doesn't make them any better.. Actuall, yes it does, and that is the point. You don't have to like SELinux's system calls, or any other module's syscalls. The whole point of LSM was to decouple security design from the Linux kernel development. Anything which passes a completely opaque value through a system call is a sign of trouble, design wise. There is simply no way we can enfore proper portable typing by all these security module authors such that we can do any kind of proper 32-bit/64-bit syscall translation on the ports that need to do this. If we do things such as the fs stacking or fs filter ideas, that eliminates a whole swath of the facilities the security_ops "provide". No ugly syscalls passing opaque types through the kernel to some magic module, but rather a real facility that is useful to many things other than LSM. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 00:16:19 PDT