Quoting Hao Xu ([EMAIL PROTECTED]): > Hi! > > I have three questions. > > >>Why? Why stacking should never make its way upstream? > >> > > > >Simplest and least controversial answer is "because noone actually needs > >it." > > > >If that should change, then the community position on stacking might > >change. More likely, they would end up finding that they didn't really > >need lsm stacking after all. > > > >Note that this is about "arbitrary" stacking. Cooperative stacking is > >supported now. > > > What does cooperative stacking mean? Is it stacking a module as a > secondary module by mod_register_security() as supported since linux 2.4 > kernel?
That's step 1. Step 2 is for the hooks in the primary module to explicitly call the hooks in the secondary module. > How do I implement a module that can have another module hooked on as a > secondary module? Did selinux implement this? If yes,Where is the code? Yes, selinux implements cooperative stacking for the capability module. Look for secondary_ops under security/selinux/hooks.c > I have three security modules that need to run at the same time. How do > I stack them all together? See the selinux example. You can of course either have one module stack both the other modules, or have one stack another which stacks the third... -serge - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
