Christoph Hellwig wrote:
>On Thu, Oct 17, 2002 at 01:10:31PM -0700, Greg KH wrote:
>I know. but hiding them doesn't make them any better..
Actuall, yes it does, and that is the point. You don't have to like
SELinux's system calls, or any other module's syscalls. The whole point
of LSM was to decouple security design from the Linux kernel development.
Anything which passes a completely opaque value through a system
call is a sign of trouble, design wise.
There is simply no way we can enfore proper portable typing by
all these security module authors such that we can do any kind
of proper 32-bit/64-bit syscall translation on the ports that
need to do this.
If we do things such as the fs stacking or fs filter ideas,
that eliminates a whole swath of the facilities the security_ops
"provide". No ugly syscalls passing opaque types through the kernel
to some magic module, but rather a real facility that is useful
to many things other than LSM.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/