[PATCH 0/3] LSM hooks consolidation

[Kurt Garloff <garloff@suse.de>]

Hi,

here is the version of my patches that rework the security 
stubs in security.h a bit to allow for better maintainability
and allow the possibility of using conditionals over indirect
calls. The latter has been found beneficial with tcp_rr benchmarks
on ia64.

To stress the maintainability point: One of the void stubs had a
return statement in there, which was inconsistent between the
cap_ and security_ops-> versions.

The first patch, as a prerequisiste, makes capabilities the default
for CONFIG_SECURITY=y rather than the dumb dummy, which results in
a broken system -- which makes everybody wanting to load capability.
Not the idea, as this makes loading other LSMs problematic ...

Note that I did not drop dummy completely. I think it should ... but
currently LSMs that don't have all functions implement fall back to
the implementations in dummy. I did not want to change behaviour and
fall back to the ones in capability. Most are identical between cap
and dummy, but I did not review all existing LSMs. It could be done
at a second step if deemed viable.

Note that the patches have been discussed before:
http://www.ussg.iu.edu/hypermail/linux/kernel/0502.1/1040.html
http://www.ussg.iu.edu/hypermail/linux/kernel/0408.1/0623.html

In comparison to the last submission, I have dropped the unlikely() 
stuff that seemed too controversial. 
The patch 2 which does the main cleanup has been split in two.
The first is produced by a little python script that parses the
function implementations and the ifdefs and reorders them, so
they end up next to each other. This greatly simplifies the creation
of the next patch and minimizes the chances to screw up.
I marked these patches 2a and 2b.

Please apply!
-- 
Kurt Garloff, Director SUSE Labs, Novell Inc.

Attachment: pgp3fLhzdIBuJ.pgp
Description: PGP signature