On Mon, 27 Jan 2003, Stephen D. Smalley wrote: > > The attached patch for lsm-2.5 adds a CONFIG_SECURITY_NETWORK option > for the socket and networking security fields and hooks. At present, > it excludes the netlink hooks and the ip_decode_options hooks since > the capabilities module uses those hooks to implement capability tests > migrated from the base kernel. It rearranges the security_ops structure > to move the optional socket and networking hooks to the end of the structure. > > The patch moves the 'security = NULL' initializations for the sock and > open request structures into the corresponding alloc_security hooks > since those initializations are colocated with the allocation. In the > sk_buff case, the patch simply #ifdef's the initialization, since other > similar #ifdef'd initializations exist in skb_headerinit. If desired, > we could define a static inline function for that purpose, but it > didn't seem to be necessary. This looks good, thanks for doing this (I'm still working through a backlog of stuff after getting back from LCA). - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 15:26:31 PST