[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Peter Zijlstra
peterz at infradead.org
Fri May 13 23:08:52 EST 2011
On Fri, 2011-05-13 at 14:54 +0200, Ingo Molnar wrote:
> I think the sanest semantics is to run all active callbacks as well.
>
> For example if this is used for three stacked security policies - as if 3 LSM
> modules were stacked at once. We'd call all three, and we'd determine that at
> least one failed - and we'd return a failure.
But that only works for boolean functions where you can return the
multi-bit-or of the result. What if you need to return the specific
error code.
Also, there's bound to be other cases where people will want to employ
this, look at all the various notifier chain muck we've got, it already
deals with much of this -- simply because users need it.
Then there's the whole indirection argument, if you don't need
indirection, its often better to not use it, I myself much prefer code
to look like:
foo1(bar);
foo2(bar);
foo3(bar);
Than:
foo_notifier(bar);
Simply because its much clearer who all are involved without me having
to grep around to see who registers for foo_notifier and wth they do
with it. It also makes it much harder to sneak in another user, whereas
its nearly impossible to find new notifier users.
Its also much faster, no extra memory accesses, no indirect function
calls, no other muck.
More information about the Linuxppc-dev
mailing list