* Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > On Fri, 2011-05-13 at 16:57 +0200, Ingo Molnar wrote: > > this is a security mechanism > > Who says? [...] Kernel developers/maintainers of the affected code. We have security hooks all around the kernel, which can deny/accept execution at various key points, but we do not have 'execute arbitrary user-space defined (safe) scripts' callbacks in general. But yes, if a particular callback point is defined widely enough to allow much bigger intervention into the flow of execution, then more is possible as well. > [...] and why would you want to unify two separate concepts only to them > limit it to security that just doesn't make sense. I don't limit them to security - the callbacks themselves are either for passive observation or, at most, for security accept/deny callbacks. It's decided by the subsystem maintainers what kind of user-space control power (or observation power) they want to allow, not me. I would just like to not stop the facility itself at the 'observe only' level, like you suggest. Thanks, Ingo
