[rsbac] 1.1.2 and 2.4.18
Dmitry V. Levin
rsbac@rsbac.org
Tue, 12 Mar 2002 17:29:02 +0300
--C7zPtVaVf+AK4Oqc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Tue, Mar 12, 2002 at 09:37:40AM +0100, Amon Ott wrote:
> > Could you reduce a number of system calls for RSBAC?
> > Each new kernel version have a couple of new syscalls (e.g. for XFS,
> > LSM, ... ) and we'll have a big problems in the future.
> > We already have a big problems to merge RSBAC patch with big number
> > other patches with own additional system calls.
>
> I just moved the RSBAC syscalls to start from 300, to give more room.
> Actually, there is no problem in moving them further up to e.g. 400 (like in
> alpha arch) - just a slightly larger syscall table.
And userspace tools compatibility problem.
> > What about one big system call like ioctl?
>
> That would be a lot of work... You know that I already packed a lot of
> subcalls into some of the existing calls, e.g. rsbac_acl.
Merging these calls to single system call will definitely save our efforts
in the future.
There is a wellknown method to ease implementation and support of
userspace tools - write a library with wrappers to system call(s).
This library could also deal with kernel version dependent syscalls.
> > About admin tools: it's not a big problem to use old admin tools for the
> > old versions.
>
> It is ugly, if you have several kernel versions installed. And you already
> complained about unnecessary binaries...
Agreed. I'd prefer not to rebuild all admin tools for each kernel syscall
migration.
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.com/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
--C7zPtVaVf+AK4Oqc
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8jhCu9viEa8HiNCkRAkuUAJ9VFUBPFbLlvGQm63FiQ8biRulkRQCeNKVd
qeCw7W2PHUXrmKglUWUi5fA=
=0MAr
-----END PGP SIGNATURE-----
--C7zPtVaVf+AK4Oqc--