Re: [PATCH] kobject support for LSM core

From: Greg KH (gregat_private)
Date: Sun Mar 09 2003 - 22:47:38 PST


    On Mon, Mar 10, 2003 at 01:13:10AM +0100, Petr Baudis wrote:
    > 
    >   the following patch (against 2.5.64) introduces kobject infrastructure
    > scaffolding to the LSM framework. It does nothing but allocating security root
    > subsystem for the LSMs, so that they are tied to one specific point in the
    > kobject hierarchy. They are suggested to create own subsystems under the
    > security subsystem, however such things are completely up to the individual
    > LSMs and not regulated by core in any way (it's not that I would so much like
    > such an approach, but I was advised so by GregKH and it makes sense in its own
    > way as well).
    
    Hm, I thought I advised not doing this at all :)
    
    Anyway, if we were to add this, you might want to:
    
    > +
    > +/* kobject stuff */
    > +
    > +/* We define only the base subsystem here and leave everything to a LSM. It is
    > + * heavily recommended that the LSM should create own subsystem under this one,
    > + * so that it can be easily made stackable and it doesn't confuse userland by
    > + * exporting its stuff directly to /sys/security/. */
    > +decl_subsys(security,NULL);
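    
    Review bot: the comment above decl_subsys() tells LSM authors to
    create their own subsystem under this one but never names the
    symbol they are meant to attach to or how to parent to it. Since
    this hunk makes security_subsys the single attachment point, say so
    in the comment. Style: put the closing */ on its own line and add a
    space after the comma in decl_subsys(security,NULL).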
    
    Add a prototype of this variable to security.h so that everyone can
    actually see it who wants to use it.
    
    > +/**
    > + * security_kobj_init - initializes the security kobject subsystem
    > + *
    > + * This is called after security_scaffolding_startup as a regular initcall,
    > + * since we need sysfs mounted already.
    > + */
    > +static int __init security_kobj_init (void)
    > +{
    > +	subsystem_register (&security_subsys);
    > +	return 0;
    > +}
    > +
    > +subsys_initcall(security_kobj_init);
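    
    Review bot: security_kobj_init() discards the result of
    subsystem_register() and returns 0 unconditionally, so a failed
    registration is reported as a successful initcall and LSMs would
    later try to attach under a security_subsys that was never
    registered. Propagate the result instead, e.g.
    "return subsystem_register(&security_subsys);". The space before
    the opening parenthesis in both the definition and the call also
    departs from kernel coding style.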
    
    Why not initialize this when the security core is initialized?  Why
    have a new initcall?
    
    And when do you unregister this subsystem?
    
    > +EXPORT_SYMBOL(security_subsys);
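    
    Review bot: EXPORT_SYMBOL(security_subsys) exports the subsystem
    object itself, so every module that links against it gets a
    writable reference to the shared root rather than a narrow
    interface. If LSMs only need to register beneath it, consider
    exporting a small helper that does the parenting and keeping the
    object private to the security core.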
    
    No EXPORT_SYMBOL_GPL() for it?  :)
    
    thanks,
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


