Greg KH <gregat_private> writes: > I'm _really_ tired of all of the "empty" functions that all security > modules need to provide. So here's a brute force patch that lets any > security module only set the functions that it wants to override. If > the function is NULL, then the "dummy" function will be used instead. > > What do people think of this? I also cleaned up the comment in the > verify function of security/security.c and made it not inline. I second this. It's very annoying and error-prone to define lots of unnecessary functions, not to mention maintainability. > ===== security/security.c 1.4 vs edited ===== > --- 1.4/security/security.c Thu Oct 17 13:21:20 2002 > +++ edited/security/security.c Sat Nov 30 23:01:07 2002 [...] > @@ -59,11 +61,8 @@ > /* Perform a little sanity checking on our inputs */ > err = 0; > [...] > VERIFY_STRUCT(struct security_operations, ops, err); This shouldn't be necessary anymore. > @@ -106,6 +105,7 @@ > */ > int register_security (struct security_operations *ops) > { > + security_fixup_ops (ops); You're patching other people's data structures. Not everybody may like this. Maybe it's even impossible on ROM based systems. Do you think a copy is doable? Just a thought. > if (verify (ops)) { > printk (KERN_INFO "%s could not verify " When ops is NULL, this check is too late. > @@ -162,6 +162,8 @@ > */ > int mod_reg_security (const char *name, struct security_operations *ops) > { > + security_fixup_ops (ops); > + > if (verify (ops)) { > printk (KERN_INFO "%s could not verify " > "security operations.\n", __FUNCTION__); Same here. Nevertheless, I like this patch. Regards, Olaf. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Dec 01 2002 - 09:00:37 PST