On Thu, 2007-03-08 at 09:40 -0800, Chris Wright wrote: > * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > > Are you objecting only to the duplication at the callsites, so that an > > fsnotify-type of consolidation of security and integrity hooks would be > > ok? Or are you complaining that the security_inode_setxattr and > > integrity_inode_setxattr hooks are too similar anyway, and integrity > > modules should just use some lsm hooks for anything which will be > > authoritative? > > It's duplication of callsites with many identical implementations > that's the problem. > > > (I could see an argument that integirty subsystem should be purely for > > measuring and hence its hooks should never return a value. Only hitch > > there is that if integrity subsystem hits ENOMEM it should be able to > > refuse the action...) > > Right, that's what I was expecting to see, just the measurement > infrastructure.
There are a total of 10 Linux Integrity Module(LIM) hooks. Seven of which parallel the LSM hooks, out of the ~150 LSM hooks. 3 of the LIM hooks are for initializing, allocating, and freeing the inode- >i_integrity, used for caching integrity information. As the integrity information is stored as extended attributes, 2 hooks are for catching changes to the extended attributes, one is for updating the extended attributes when the file closes, and d_instantiate is used for initialization. Is this excessive? How else would you design integrity, without using the LSM hooks? Mimi Zohar - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/