Re: LSM stacker update

From: Crispin Cowan (crispin@private)
Date: Tue Feb 01 2005 - 05:30:58 PST


Serge E. Hallyn wrote:

>I hadn't considered that.  It does seem to then enforce that any
>security module keeping state on kernel objects must be compiled in
>so as to catch them when they are created.  But that may not be a
>bad thing, and it would be nice to be able to drop the rwlock.
>  
>
Forcing a stackable module to be compiled in would seem to be a fatal 
flaw. The whole point of stacking is to be able to compose things that 
your upstream provider did not think of.

Crispin

-- 
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com



This archive was generated by hypermail 2.1.3 : Tue Feb 01 2005 - 05:32:47 PST