From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 23 Sep 2003 - 13:41:17 BST
On Tue, Sep 23, 2003 at 10:41:59AM +0100, Sam Vilain wrote:
> > > > guess we need some central syscall switch, as proposed
> > > > by yourself, and a nice (working) concept for context
> > > > creation, manipulation and destruction ...
> > > Or we reuse some other security framework's system call
> > > for that, if possible.
> > if appropriate ..
> > (I have no problem with sharing ;)
>
> Excellent, so we'd take the problem of allocating a syscall, which
> translates to performing an action based on the value of a CPU
> register inside the syscall switch, and move it to being a problem for
> allocating the values of another kernel-side switch, inside one of
> those switches! As Hal Fulton would say, "Complexity cannot be
> destroyed, it can only be transferred from one place to another."
>
> Seriously, though - I don't think this is necessarily a good idea
> unless there is a strong relevance between the functionality of the
> two syscalls, or if they are otherwise grouped. For instance, it
> would add complexity to have the quota enhancements use the same
> syscalls as set_ipv4root.
the quota enhancements use the quotactl interface
provided for such stuff ... so that isn't a good
example ...
more to this as reply to Rik's answer ...
best,
Herbert
> --
> Sam Vilain, sam_at_vilain.net
>
> An OO surgeon would hand the scalpel to the patient and say: "now
> perform this operation on yourself!".
>
>