This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] ACM ternary ops?

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] ACM ternary ops?
From: Michael LeMay <lemaymd@xxxxxxxxxxx>
Date: Tue, 30 May 2006 08:52:48 -0400
Delivery-date: Tue, 30 May 2006 05:53:13 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20060501)
Hello all,

I am interested in adding support for user-defined mandatory network access control policies to the existing ACM policy framework. The most logical way to do this would be to add more hooks to handle networking and then define another policy module, like chinese wall and type enforcement. However, it doesn't feel right to add a "ternary_ops" structure that is invoked after "secondary_ops". Is there any reasonable justification for not including a link in each ops structure that points to the next policy module in the chain? Essentially, I'd like to convert the current n-pointer structure to the following linked-list structure:

acm_primary_ops -> acm_secondary_ops -> acm_ternary_ops -> ... -> NULL


Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>