hi folks
the following patch
- modifies the security modules registering code to built a stack of
modules themself
- changes the internal interface of the security functions to get a
pointer to that stack
- the dummy functions always traverse through the stack
- register the dummy functions as a special security module
- drop the cap_* declaration
- drop mod_(un)reg_security
- add a name parameter to (un)register_security
missing things
- register_security isn't called, it may decide if it allowes the other
module to be stacked together.
advantages
- it is possible to stack modules together without special support by
the modules
- add functions which will be handled by a non standard module without
need to modify the standard one
problems
- abi change, change of the security inline functions
- root_plug is currently unbuildable because the exports of the cap_*
functions are dropped, it don't need to use them directly
- if the modules don't define a function, the call always travers
through the stack until it hits the dummy module
- more pointer needs to be dereferences, more parameter
future enhancements
- define different stacks for different types of functions (may be
faster)
i currently write a kernel extension which needs a security module
themself and i want to be able to load this module regardless of the
actual loaded modules.
i know that the patch is large, it needs to change one thing many times.
bastian
-- Captain's Log, star date 21:34.5...
This archive was generated by hypermail 2b29 : Mon Jun 23 2003 - 22:00:34 EST