tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: secmodel_register(9) API



On Mon, Dec 05, 2011 at 02:35:53PM -0500, Elad Efrat wrote:
> What the new API allows is interaction between secmodels that are
> built by people who are not part of NetBSD and don't want their
> secmodel to become part of NetBSD but do want to take advantage of
> features in secmodels provided by NetBSD.

That is simply not true.

As I have explained in my reply to jym@ you basically provide the
same functionality that is already available through the linker.

And you want to provide more interaction between secmodels than that the
secmodel_eval approach requires changing NetBSD secmodel code to add
hooks to be called from 3rd party secmodel through secmodel_eval or adding
code to NetBSD secmodel code to call hooks provided by 3rd party
secmodels.  Neither is possible without "becoming part of NetBSD" or
using a source tree with private modifications.  In the latter case
secmodel_eval adds no value, however.

--chris


Home | Main Index | Thread Index | Old Index