* Magosányi Árpád (magat_private) wrote: > Hi! > > What about the idea of defining a generic user space API which > all security modules could provide? > > For application writer there is now a problem of "which security > module to support?". A generic API would eliminate the problem. Yes, agreed. To date, LSM has been more focused on its internal API. TrustedBSD has done a little more work on defining the user space API. It will need to remain simple, yet well-defined. The original API was too freeform, similar to an ioctl call, which still required a lot of app. knowledge of how to pack proper binary structures and call into kernel/security module. This API was outright rejected. Some brief discussions followed, but nothing definitive. Also, part of the SELinux merge has helped define this a bit. Something that is based on strings and has simple get/set operations is what is likely to be most extensible and acceptable. As an aside, some type of BSD compatibility would be nice from the app. writer point of view... thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 10:58:39 PDT