* Seth Arnold (sarnoldat_private) wrote: > On Fri, Oct 05, 2001 at 07:23:11PM -0700, Crispin Cowan wrote: > > There are two conflicting schools of thought on this issue: > > > > * conditional compilation is bad: hard to maintain, etc. So just > > use straight hooks, and make them as efficient as possible. > > * you can't please everyone, so make LSM config'able. > > I think what the "no conditional compilation" is a prohibition against > is actually #ifdefs in the .c files. If our security.h header file has > two different definitions for the hooks, along these lines: > > #ifdef CONFIG_LSM_SCAFFOLD > #define foo_hook(x,y,z) _foo_hook((x),(y),(z)) > #else > #define foo_hook(x,y,z) do { } while(0) > #endif yes, as greg mentioned, i don't think this is a problem. the only real challenge with conditional compilation is making it Do The Right Thing (TM). since we have taken real kernel access control logic and pushed it into the dummy or capabilities modules, we'd need to make sure the conditional compile actually handled those cases correctly. -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 10:00:30 PDT