On Fri, 2005-08-26 at 07:54 -0500, serue@private wrote:
> For conceptual simplicity I think keeping an actual module for it around
> will be best. Then other modules can either stack with it, or not,
> however they prefer.

It seems like the direct use of the cap functions would be the preferred way of combining other modules with the capability logic given that the cap functions will now always be built-in. Not using stacker at all for that purpose.

> Actually that's not quite the way it works under stacker right now.
> If no module is loaded, then dummy is used, but if a module is loaded,
> then stacker doesn't call dummy__hook if the module doesn't define that
> hook. (Though there are a few hooks which are specially handled, ie
> __vm_enough)
>
> So switching from having dummy be the default module when nothing is
> stacked, to having capability, is simple enough.

Hmm...well, with these changes, we are looking at dropping the SELinux hooks that only call the corresponding cap function, thereby falling back to the default path in the static inlines (without stacker). So we'd expect the same behavior with stacker.

--
Stephen Smalley
National Security Agency