* Stephen Smalley (sdsat_private) wrote: > > On Tue, 5 Jun 2001, Stephen Smalley wrote: > > > The capable() function remains > > as a stub that calls the LSM capable() hook (or, better, we > > use a script to globally replace all calls to capable() with a > > direct call to the hook). > > Actually, we can avoid the trouble of even this kind of pervasive > change simply by restoring the capable() static inline function > in sched.h and then replacing its contents with a call to the > LSM capable hook. That makes our patch even cleaner without > costing us anything. as a minor nitpick... making a static inline function in sched.h that calls security_ops->capable() will not work without fully exporting the security_ops structure (there are _many_ calls to capable() in drivers/modules). in lieu of exporting the security_ops structure to modules, we _can_ (and do) export a function capable() (neither static nor inline) that calls security_ops->capable(). -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 10:16:27 PDT