On Mon, Jun 27, 2005 at 03:28:44PM -0500, serue@private wrote: Just make sure dummy can't be unloaded by /sys/stacker/unload. I didn't bother to enforce this. I was pondering a soln where dummy isn't really loaded per-se, but it's hook is called whenever no registered sub-module implements a given hook (all are NULL) which would achieve the same purposes as the patch when no sub modules are loaded. But I need to go page in the past discussion regarding verify and security_fixup_ops(). I'd still like to see dummy go away and capability become the default. Thanks for putting in a lot of hard work on this Serge, looks like you may achieve what many thought was impossible! Tony > It seems to me the right thing to do is to continue the current > non-stacker behavior of dummy being loaded until something else is > loaded, then popping dummy and pushing the new module. Since dummy > doesn't store any information, and since dummy_security_ops won't be > deleted, there shouldn't be any funky locking issues. I should be able > to just swap demmy with the new module and unset an no_lsms_loaded > boolean all under an rcu_read_lock(). > > Does anyone disagree? Should behavior change? (I'm not sure how else > it would change other than to make capabilities the default) If not, > I'll send out a patch for this tomorrow. > > thanks, > -serge
This archive was generated by hypermail 2.1.3 : Mon Jun 27 2005 - 13:41:06 PDT