Re: [PATCH 3/3] Use conditional

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Serge,

On Mon, Jul 04, 2005 at 07:37:21AM -0500, [email protected] wrote:
> Quoting Kurt Garloff ([email protected]):
> > Getting rid of dummy entirely would be better, I agree, but someone
> > needs to review that this won't break anything.
> 
> Unfortunately I think it's way too soon for that.  Even if stacker is
> accepted, it is still a module (for now at least) which can be compiled
> out.  So we'll need dummy hooks for modules (like seclvl) to use.  I
> just don't think it's possible to get rid of that yet.

Hmmmm, getting rid of dummy would mean replacing it with capability.
- The differences between cap and dummy affect a relatively small
  subset of hooks
- If all of these hooks are implemented by all LSMs, we're done and
  can just remove dummy and replace it by capability.
- If not, we'd need to review for all of these LSMs, whether defaulting
  to capability rather than dummy could create a problem and whether 
  that can be addressed easily.

seclvl would probably need some changes, indeed.

root_plug could become shorter :-)

> > So how should we proceed?
> > You want to do the dummy removal first, then have stacker merged
> > and then what remains of my patches? Or should I start ... ?
> 
> I think your patches to make capability the default are the best
> place to start.  Doing the same under stacker will be trivial, and
> I'll do that in the next set I send out.

Sounds good!
-- 
Kurt Garloff, Director SUSE Labs, Novell Inc.

Attachment: pgpBmHivJKP0o.pgp
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux