Re: [PATCH 2/4] integrity: Linux Integrity Module(LIM)

From: david safford
Date: Thu Nov 20 2008 - 14:22:47 EST

Next message: Ingo Molnar: "Re: [PATCH 30 of 38] xen: implement io_apic_ops"
Previous message: Henrik Rydberg: "[PATCH] hwmon: applesmc: Make applesmc load automatically on startup"
In reply to: Christoph Hellwig: "Re: [PATCH 2/4] integrity: Linux Integrity Module(LIM)"
Next in thread: Christoph Hellwig: "Re: [PATCH 2/4] integrity: Linux Integrity Module(LIM)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2008-11-20 at 12:45 -0500, Christoph Hellwig wrote:
> Ok, the API looks sane to me. But one big question: any reason you
> don't just directly call into your implementation instead of all these
> odd hooks? This seems to be a lot of overhead just for making the code
> less readable..
>

The consensus in the (insane) security community was to have an
interface with selectable modules similar to LSM and its modules,
so that users could easily choose among a set of integrity providers.

dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [PATCH 30 of 38] xen: implement io_apic_ops"
Previous message: Henrik Rydberg: "[PATCH] hwmon: applesmc: Make applesmc load automatically on startup"
In reply to: Christoph Hellwig: "Re: [PATCH 2/4] integrity: Linux Integrity Module(LIM)"
Next in thread: Christoph Hellwig: "Re: [PATCH 2/4] integrity: Linux Integrity Module(LIM)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]