Re: [PATCH] remove sys_security

From: Christoph Hellwig (hchat_private)
Date: Fri Oct 18 2002 - 05:52:43 PDT

  • Next message: Christoph Hellwig: "Re: [PATCH] remove sys_security"

    On Fri, Oct 18, 2002 at 01:31:35AM -0700, Crispin Cowan wrote:
    > That's interesting. Passing a completely opaque value (actually an 
    > integer) through the system call was exactly what we designed it to do, 
    > because we saw a design need for pecisely that: so that applications 
    > with awareness of a specific module can talk to the module.
    > 
    > Could you elaborate on why this is a sign of trouble, design wise?
    
    Because we already have such a syscall (ioctl) and we see the trouble it
    causes all over the place.  Design yur interfaces properly instead.
    
    > >If we do things such as the fs stacking or fs filter ideas,
    > >that eliminates a whole swath of the facilities the security_ops
    > >"provide".  No ugly syscalls passing opaque types through the kernel
    > >to some magic module, but rather a real facility that is useful
    > >to many things other than LSM.
    > >
    > Yes, that will be wonderful. And the LSM team will be pleased to re-work 
    > the desing when stackable file systems appear and we can take advantage 
    > of them.
    
    So do it know.  It's possible and it just shows you've sent the LSM crap
    without actually thinking about a better design.  Come back when you
    have a proper design.
    
    and btw, as LSM is part of the kernel anyone can and will change it.
    Your LSM team attitude is a bit like that hated CVS mentality..
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 05:53:22 PDT