On Tue, Aug 14, 2001 at 08:02:56PM -0400, jmjonesat_private wrote: > > While there is resistance to conditional code, I would like to point out > as a "base" that applying the patch or NOT applying the patch is a > "condition"... the difference is a Y/N/M answer in make config or a > download and one line of command. > > .... > > 3) MACROS are not really necessary in the current model. All the hooks > are "out negative"... by which I mean that if you don't patch the kernel > at all, there's no cost. Therefore, macros are not necessary.... just > make the whole ball of wax optional. OK, I think we have a failure to communicate here. I was asked to suggesst ways in which the LSM patch could be integrated into the mainline kernel sources, so that it wouldn't be necessarily to patch the kernel first, and so to make it easier to keep LSM tracking against future kernel versions (since if the code is in the kernel sources, even if under a ifdef, or under the use of a cpp macro which may evaluate to nothing, then when kernel developers make changes to the kernel, they will likely the LSM hooks, and so LSM can much more easily track future kernel versions). But if your assumption is that LSM is always going to be a separate patch which must be applied to the kernel, and which you must manually update each time the kernel changes, why are you bothering to talk to me or any other kernel developer for that matter? Just keep doing the patch, and you can make it as ugly, and as intrusive, and as hard as maintain against future kernel versions as you like. You'll find it a lot harder to get the attention of the rest of the Linux world, but that's certainly a choice that you have. No one is forcing you to do anything, remember.... - Ted _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 19:02:40 PDT