From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael LeMay <lemaymd@lemaymd.com>
Subject: ACM ternary ops?
Date: Tue, 30 May 2006 08:52:48 -0400
Message-ID: <447C4020.4020008@lemaymd.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Hello all,

I am interested in adding support for user-defined mandatory network 
access control policies to the existing ACM policy framework.  The most 
logical way to do this would be to add more hooks to handle networking 
and then define another policy module, like chinese wall and type 
enforcement.  However, it doesn't feel right to add a "ternary_ops" 
structure that is invoked after "secondary_ops".  Is there any 
reasonable justification for not including a link in each ops structure 
that points to the next policy module in the chain?  Essentially, I'd 
like to convert the current n-pointer structure to the following 
linked-list structure:

acm_primary_ops -> acm_secondary_ops -> acm_ternary_ops -> ... -> NULL


Thanks.