David S. Miller wrote:
>Anything which passes a completely opaque value through a system
>call is a sign of trouble, design wise.
>
That's interesting. Passing a completely opaque value (actually an
integer) through the system call was exactly what we designed it to do,
because we saw a design need for pecisely that: so that applications
with awareness of a specific module can talk to the module.
Could you elaborate on why this is a sign of trouble, design wise?
>There is simply no way we can enfore proper portable typing by
>all these security module authors such that we can do any kind
>of proper 32-bit/64-bit syscall translation on the ports that
>need to do this.
>
THAT I would love to hear about. If all we have to do to save
sys_security is change its signature, that'd be great.
>If we do things such as the fs stacking or fs filter ideas,
>that eliminates a whole swath of the facilities the security_ops
>"provide". No ugly syscalls passing opaque types through the kernel
>to some magic module, but rather a real facility that is useful
>to many things other than LSM.
>
Yes, that will be wonderful. And the LSM team will be pleased to re-work
the desing when stackable file systems appear and we can take advantage
of them.
Crispin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:40 EST