I think, if you are going to reserve a system-call for "security",
all you need is one. And, I think you need to reserve one.
By default, it calls a dummy procedure that just returns "okay".
The security folks can write a module that interfaces with this
one security-hook. You only need one such hook because a system
call can get a pointer to some structure that tells it what to
do. You don't need "N" system calls, only one.
Such a simple hook is quite likely the way-to-go. No cruft in
the kernel, and upon some reported error, the development people
can say; "Unload the security module and see if you still have
the error..."
Cheers,
Dick Johnson
Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).
The US military has given us many words, FUBAR, SNAFU, now ENRON.
Yes, top management were graduates of West Point and Annapolis.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:41 EST