On 31/01/2005 20:33:09 linux-security-module-bounces wrote:

>The question is whether verify should be called on secondary modules, as
>you might otherwise end up calling the dummy module's hook function
>multiple times if two or more of the stacked security modules fail to
>define the hook.

Are you concerned for it only because of performance reasons, or because it causes broken behavior? Maybe I am missing something but I can't see that I am at the moment.

In my other reply to Serge I have laid out an example of two stacked modules. One of them implements a restrictive hook, while the other does not. The dummy version gets called, which destroys the overall result in the stacker - an approved operation now becomes forbidden.

Therefore I think that verify_ops should definitely be dropped if full-blown and transparent stacking will be implemented.

This archive was generated by hypermail 2.1.3 : Tue Feb 01 2005 - 05:54:05 PST