On Fri, Jul 12, 2002 at 11:06:34AM +1000, James Morris wrote: > On Thu, 11 Jul 2002, Greg KH wrote: > > > I think we should initially not submit the network stuff at all. Then, > > after the main lsm patch is in, add the network stuff as a separate > > configuration option. I figure all the main battles will have taken > > place by then, so we can just focus on the network issues. > > I feel that the entire LSM API needs to be put forward for discussion, and > that we should be working with the core network developers from the start. > I don't think the networking can be just dropped in as an afterthought. > > Why not just use separate patches -- if people don't want to look at the > networking stuff, they don't have to. Ok, we can always try :) > Also, we haven't had a request yet to make the network stuff separately > configurable (a 0.3% hit on raw gigabit TCP bandwidth may be less of an > issue than macroizing the code). Linus did make that request to me after the KS presentation. But that was due to the report of 10% hit on gigabit, which we all now know was incorrect. Turning off the hooks is very simple, and does not involve macros. I can provide more details if people are really interested (hint, look at how pci_find_slot() is defined in pci.h if CONFIG_PCI is not enabled. That causes the c compile to just eliminate any if() that might be wrapped around it.) thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 20:18:35 PDT