[rsbac] 1.1.2 and 2.4.18

Amon Ott rsbac@rsbac.org
Tue, 12 Mar 2002 18:07:29 +0100


On Tuesday, 12. March 2002 15:29, Dmitry V. Levin wrote:
> On Tue, Mar 12, 2002 at 09:37:40AM +0100, Amon Ott wrote:
> > > Could you reduce the number of system calls for RSBAC?
> > > Each new kernel version has a couple of new syscalls (e.g. for XFS,
> > > LSM, ... ) and we'll have big problems in the future.
> > > We already have big problems merging the RSBAC patch with a big number
> > > of other patches with their own additional system calls.
> >
> > I just moved the RSBAC syscalls to start from 300, to give more room.
> > Actually, there is no problem in moving them further up to e.g. 400 (like
> > in alpha arch) - just a slightly larger syscall table.
>
> And userspace tools compatibility problem.

More clearly: I moved 1.2.0-pre5. You will have to compile new tools anyway.

> > > What about one big system call like ioctl?
> >
> > That would be a lot of work... You know that I already packed a lot of
> > subcalls into some of the existing calls, e.g. rsbac_acl.
>
> There is a well-known method to ease implementation and support of
> userspace tools - write a library with wrappers to system call(s).
> This library could also deal with kernel version dependent syscalls.

Just the packing in and out and getting params to/from kernel space make 
things a significant amount of work (and some overhead). The library is just 
one part of it.

Amon.
--
http://www.rsbac.org