* Stephen Smalley (sds@private) wrote:
> If you define a common header in security.h and make the security fields
> pointers to it rather than just void*, then you've defined a common
> convention for all security modules to embed those headers in their own
> security blobs, with those headers including both a module id and a list
> pointer that can be accessed by any security module. If you just make
> it a list pointer, a given security module has no standard way of
> vetting whether the referenced object is owned by it.
> Right? On the other hand, your suggestion is more flexible and allows a
> LSM to avoid wasting space for the module id entirely if it so chooses,
> so that may be preferred.

They're not mutually exclusive, we'd only want to put the list in the
object, and it can certainly be a chain of things with well-known
structure including both id and data. It seems safe to do lockless
traversal across such a list, or am I just dreaming?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 11:04:58 PDT
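The chain discussed in the message above, sketched in userspace C11 as an added example; it is not code from the thread or from the LSM patches. The names `sec_hdr`, `object`, `mod_blob`, `sec_attach` and `sec_find` are hypothetical, and the lockless walk assumes blobs are only ever added at the head and are never unlinked or freed while the object is reachable (removal would need deferred reclamation such as RCU).

```c
#include <stdatomic.h>
#include <stddef.h>

/* Hypothetical common header, embedded first in every module's blob. */
struct sec_hdr {
    unsigned int id;                 /* owning module */
    _Atomic(struct sec_hdr *) next;  /* next blob on the same object */
};
struct object { _Atomic(struct sec_hdr *) security; }; /* list head */
struct mod_blob { struct sec_hdr hdr; int label; };    /* a module's blob */
enum { MOD_A = 1, MOD_B = 2, MOD_C = 3 };              /* constructed ids */

/* Writer: fill in the header, then publish at the head with release order. */
static void sec_attach(struct object *obj, struct sec_hdr *h, unsigned int id)
{
    struct sec_hdr *old = atomic_load_explicit(&obj->security, memory_order_relaxed);
    h->id = id;
    do {
        atomic_store_explicit(&h->next, old, memory_order_relaxed);
    } while (!atomic_compare_exchange_weak_explicit(&obj->security, &old, h,
                 memory_order_release, memory_order_relaxed));
}

/* Reader: lockless walk; returns the blob owned by id, or NULL. */
static struct sec_hdr *sec_find(struct object *obj, unsigned int id)
{
    struct sec_hdr *h = atomic_load_explicit(&obj->security, memory_order_acquire);
    while (h && h->id != id)
        h = atomic_load_explicit(&h->next, memory_order_acquire);
    return h;
}

/* Constructed demo: two modules attach, a third never does. */
static int demo_label(unsigned int id)
{
    struct object obj;
    struct mod_blob a = { .label = 42 }, b = { .label = 7 };
    struct sec_hdr *h;
    atomic_init(&obj.security, NULL);
    sec_attach(&obj, &a.hdr, MOD_A);
    sec_attach(&obj, &b.hdr, MOD_B);
    h = sec_find(&obj, id);
    return h ? ((struct mod_blob *)h)->label : -1;
}

int main(void) { return demo_label(MOD_A) == 42 && demo_label(MOD_C) == -1 ? 0 : 1; }
```

Because a module only casts a header whose `id` matches its own, it never interprets another module's blob as its own type, which is the ownership check the quoted text says a bare list pointer cannot provide.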