David S. Miller wrote: >Anything which passes a completely opaque value through a system >call is a sign of trouble, design wise. > That's interesting. Passing a completely opaque value (actually an integer) through the system call was exactly what we designed it to do, because we saw a design need for pecisely that: so that applications with awareness of a specific module can talk to the module. Could you elaborate on why this is a sign of trouble, design wise? >There is simply no way we can enfore proper portable typing by >all these security module authors such that we can do any kind >of proper 32-bit/64-bit syscall translation on the ports that >need to do this. > THAT I would love to hear about. If all we have to do to save sys_security is change its signature, that'd be great. >If we do things such as the fs stacking or fs filter ideas, >that eliminates a whole swath of the facilities the security_ops >"provide". No ugly syscalls passing opaque types through the kernel >to some magic module, but rather a real facility that is useful >to many things other than LSM. > Yes, that will be wonderful. And the LSM team will be pleased to re-work the desing when stackable file systems appear and we can take advantage of them. Crispin
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 01:32:27 PDT