Re: [PATCH] remove sys_security

Greg KH (greg@kroah.com)
Thu, 17 Oct 2002 13:10:31 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Christoph Hellwig: "Re: [PATCH] remove sys_security"
Previous message: Robert Love: "Re: [PATCH] pre-decoded wchan output"

On Thu, Oct 17, 2002 at 09:04:02PM +0100, Christoph Hellwig wrote:
> On Thu, Oct 17, 2002 at 12:07:23PM -0700, Greg KH wrote:
> > But this will require every security module project to petition for a
> > syscall, which would be a pain, and is the whole point of having this
> > sys_security call.
>
> And the whole point of the reemoval is to not make adding syscalls
> easy. Adding a syscall needs review and most often you actually want
> a saner interface.

Ok, I think it's time for someone who actually cares about the security
syscall to step up here to try to defend the existing interface. I'm
pretty sure Ericsson, HP, SELinux, and WireX all use this, so they need
to be the ones defending it.

> > How would they be done differently now? Multiple different syscalls?
>
> Yes.

Hm, in looking at the SELinux documentation, here's a list of the
syscalls they need:
http://www.nsa.gov/selinux/docs2.html

That's a lot of syscalls :)

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: [PATCH] remove sys_security"
Previous message: Robert Love: "Re: [PATCH] pre-decoded wchan output"