Re: new stacker module

From: Serge E. Hallyn (hallyn@private)
Date: Mon Nov 17 2003 - 10:53:09 PST

Next message: Michael A. Halcrow: "[PATCH] BSD Secure Levels LSM"

Previous message: Chris Wright: "Re: new stacker module"
In reply to: Chris Wright: "Re: new stacker module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I like the idea of better stacking, but many of the current hooks really
> expect the user to set the blob in the object after allocating it.  This
> conflicts with the stacker, no?  IOW, the cooperation you mention above
> means changing the allocation routines for any module that wants to be
> stacked.

I'm not sure I'm understanding you right.  Yes, any module wanting to be
stacked will need to be modified.  But nothing needs to change fundamentally.
Wherever you used to do
	struct my_inode_sec *isec = inode->i_security;
you now use
	isec = get_security(inode,inode,i_security);

and wherever you used to do
	inode->i_security = isec;
you now use
	set_security(inode,inode,i_security,isec);

It's somewhat invasive, but very superficial.

-serge

Next message: Michael A. Halcrow: "[PATCH] BSD Secure Levels LSM"
Previous message: Chris Wright: "Re: new stacker module"
In reply to: Chris Wright: "Re: new stacker module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 17 2003 - 10:53:59 PST