[rsbac] 1.1.2 and 2.4.18

Dmitry V. Levin rsbac@rsbac.org
Tue, 12 Mar 2002 17:29:02 +0300

Previous message: [rsbac] 1.1.2 and 2.4.18
Next message: [rsbac] 1.1.2 and 2.4.18
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--C7zPtVaVf+AK4Oqc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Mar 12, 2002 at 09:37:40AM +0100, Amon Ott wrote:
> > Could you reduce a number of system calls for RSBAC?
> > Each new kernel version have a couple of new syscalls (e.g. for XFS,
> > LSM, ... ) and we'll have a big problems in the future.
> > We already have a big problems to merge RSBAC patch with big number
> > other patches with own additional system calls.
> 
> I just moved the RSBAC syscalls to start from 300, to give more room. 
> Actually, there is no problem in moving them further up to e.g. 400 (like in 
> alpha arch) - just a slightly larger syscall table.

And userspace tools compatibility problem.

> > What about one big system call like ioctl?
> 
> That would be a lot of work... You know that I already packed a lot of 
> subcalls into some of the existing calls, e.g. rsbac_acl.

Merging these calls to single system call will definitely save our efforts
in the future.

There is a wellknown method to ease implementation and support of
userspace tools - write a library with wrappers to system call(s).
This library could also deal with kernel version dependent syscalls.

> > About admin tools: it's not a big problem to use old admin tools for the
> > old versions.
> 
> It is ugly, if you have several kernel versions installed. And you already 
> complained about unnecessary binaries...

Agreed. I'd prefer not to rebuild all admin tools for each kernel syscall
migration.


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.com/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

--C7zPtVaVf+AK4Oqc
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jhCu9viEa8HiNCkRAkuUAJ9VFUBPFbLlvGQm63FiQ8biRulkRQCeNKVd
qeCw7W2PHUXrmKglUWUi5fA=
=0MAr
-----END PGP SIGNATURE-----

--C7zPtVaVf+AK4Oqc--

Previous message: [rsbac] 1.1.2 and 2.4.18
Next message: [rsbac] 1.1.2 and 2.4.18
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]