Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 18 Oct 2002 12:46:30 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 18 Oct 2002 12:46:30 -0400 Received: from chaos.analogic.com ([204.178.40.224]:23168 "EHLO chaos.analogic.com") by vger.kernel.org with ESMTP id ; Fri, 18 Oct 2002 12:46:29 -0400 Date: Fri, 18 Oct 2002 12:52:49 -0400 (EDT) From: "Richard B. Johnson" Reply-To: root@chaos.analogic.com To: Russell Coker cc: Valdis.Kletnieks@vt.edu, linux-kernel@vger.kernel.org, linux-security-module@wirex.com Subject: Re: [PATCH] remove sys_security In-Reply-To: <200210181838.56735.russell@coker.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1102 Lines: 26 I think, if you are going to reserve a system-call for "security", all you need is one. And, I think you need to reserve one. By default, it calls a dummy procedure that just returns "okay". The security folks can write a module that interfaces with this one security-hook. You only need one such hook because a system call can get a pointer to some structure that tells it what to do. You don't need "N" system calls, only one. Such a simple hook is quite likely the way-to-go. No cruft in the kernel, and upon some reported error, the development people can say; "Unload the security module and see if you still have the error..." Cheers, Dick Johnson Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips). The US military has given us many words, FUBAR, SNAFU, now ENRON. Yes, top management were graduates of West Point and Annapolis. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/