Quoting Tony Jones ([email protected]):
Thanks, Tony. I'll address each of these in the next patchset. Just
two things I wanted to actually converse about:
> 5) /*
> * Workarounds for the fact that get and setprocattr are used only by
> * selinux. (Maybe)
> */
>
> No complaints on selinux getting to avoid the (module), they are intree.
> Just a FYI that SubDomain/AppArmor uses these hooks also.
And is it ok with using the "some_data (apparmor)" convention?
The special handling of selinux is intended to be temporary, due to the
large base of installed userspace which hasn't yet been updated. I
would imagine that at some point that code would go away.
> I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
> it would look at the value chain head only for the !case. But this comment
> still remains.
Yes, after I added the unlink function, it started to seem that the
special cases for !CONFIG_SECURITY_STACKER wouldn't be any faster than
the stacker versions. They still might be, but I'll have to think about
it. If I just ditch those, then I can probably ditch the whole
security-stack.h file, and move those declarations into security.h.
They were just in their own file because Stephen had pointed out that
switching between stacker and non-stacker would cause too much code to
be recompiled.
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |