Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756796AbYKTTWp (ORCPT ); Thu, 20 Nov 2008 14:22:45 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754924AbYKTTWh (ORCPT ); Thu, 20 Nov 2008 14:22:37 -0500 Received: from igw3.watson.ibm.com ([129.34.20.18]:38086 "EHLO igw3.watson.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754906AbYKTTWh (ORCPT ); Thu, 20 Nov 2008 14:22:37 -0500 Subject: Re: [PATCH 2/4] integrity: Linux Integrity Module(LIM) From: david safford To: Christoph Hellwig Cc: Mimi Zohar , linux-kernel@vger.kernel.org, Andrew Morton , James Morris , Al Viro , Serge Hallyn , Mimi Zohar In-Reply-To: <20081120174506.GA20972@infradead.org> References: <20081120174506.GA20972@infradead.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit Date: Thu, 20 Nov 2008 14:21:38 -0500 Message-Id: <1227208898.3066.36.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 (2.22.3.1-1.fc9) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 751 Lines: 17 On Thu, 2008-11-20 at 12:45 -0500, Christoph Hellwig wrote: > Ok, the API looks sane to me. But one big question: any reason you > don't just directly call into your implementation instead of all these > odd hooks? This seems to be a lot of overhead just for making the code > less readable.. > The consensus in the (insane) security community was to have an interface with selectable modules similar to LSM and its modules, so that users could easily choose among a set of integrity providers. dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/