On Mon, 15 Dec 2003, Chris Wright wrote:
> * James Morris (jmorris@xxxxxxxxxx) wrote:
> > I'm not sure how this would be a namespace issue -- do you mean a data
> > format issue?
> I just mean, applications are coded for specific security module.
Applications which are security aware (i.e. only a few of them) will need
to know the semantics of the security model that they are interacting
with, so I'm not sure that namespace is going to be the biggest challenge.
A good way to handle this is to use external pluggable modules like PAM.
> > Yep, allowing the security module to update the returned length is now
> > implemented.
> > > Perhaps buffer is too small, can len be vector for that info?
> > I would not advise updating len on error -- it's a bad idea in general to
> > interpret any returned data from failed syscalls except the error number.
> Right, in some cases a NULL buffer or 0 buflen is a probe for size.
It's not reliable: the required buffer size could change between calls.
Do you know of any examples of syscalls which do this?