Casey Schaufler (on Sat, 11 Aug 2007 12:56:42 -0700 (PDT)) wrote:
>
>--- Arjan van de Ven <[email protected]> wrote:
>> > +#include <linux/kernel.h>
>> > +#include <linux/vmalloc.h>
>> > +#include <linux/security.h>
>> > +#include <linux/mutex.h>
>> > +#include <net/netlabel.h>
>> > +#include "../../net/netlabel/netlabel_domainhash.h"
>>
>> can't you move this header to include/ instead?
>
>Paul Moore, the developer of netlabel, promised to work out
>the right solution for this with me at a future date. He
>doesn't want to move the header, and I respect that.
foo.c has
#include "netlabel_domainhash.h"
Makefile has CFLAGS_foo.o += -I$(srctree)/net/netlabel
I prefer to use -I $(srctree)/net/netlabel for readability but '-I '
breaks on SuSE builds for some reason that I cannot be bothered working
out. -I$(srctree)/net/netlabel works.
>> > + doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
>> > + if (doip == NULL)
>> > + panic("smack: Failed to initialize cipso DOI.\n");
>> > + doip->map.std = NULL;
>> > +
>> > + ndmp = kmalloc(sizeof(struct netlbl_dom_map), GFP_KERNEL);
>> > + if (ndmp == NULL)
>> > + panic("smack: Failed to initialize cipso ndmp.\n");
>>
>>
>> is panic() really the right thing here? It's usually considered quite
>> rude ;)
>
>It's really early in start-up and if you're out of memory at that
>point you are not going very far into the future.
Not to mention that you might end up running with an insecure system.
Security must be failsafe.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
