Tetsuo Handa 写道:
I also want LSM framework add some hooks.
The problems are at accept() and recvmsg() operation.
I want to return error on security_socket_post_accept().
I want a new hook security_socket_post_recvmsg() that are called AFTER
sock_recvmsg() is called.
Yes, for some LSM hooks, maybe it's a not good idea to return void, I
mean, why not return an int?
Thus the hook can do a lot more things, and it will be more flexible for
a security module writer.
It seems that for some reason people tend to keep things as simple as
possible.
As for security_socket_post_recvmsg(), I think I can understand your
feeling when your life could be
a lot more easier if the hook you need is right there and it isn't there :-P
By the way, I'm going to have a session about TOMOYO Linux
at Embedded Linux Conference 2007 (http://www.celinux.org/elc2007/)
and Linux Symposium 2007
(http://www.linuxsymposium.org/2007/speakers.php?types=bofs).
If you can attend them, please come and see TOMOYO Linux.
It seems that you have done a lot of work to make TOMOYO linux easy to
use, which is good.
I was always thinking how to make the security mechanisms more friendly
to users, I mean, how to
make it easy for users to turn their security needs into correct
configurations.
Thanks
hao
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
