From: Chris Wright (chrisat_private)
Date: Tue Jan 28 2003 - 12:56:34 PST

  • Next message: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"

    [resend, typo in address]
    * Stephen D. Smalley (sdsat_private) wrote:
    > I've built and booted a SELinux kernel with and w/out
    > CONFIG_SECURITY_NETWORK, and it functioned as expected, i.e. only
    > differing in the absence of the socket and networking access controls
    > w/out the option.
    Sounds good.
    > > this isn't necessary.  "depends on SECURITY" is sufficient.
    > Ok, I was just following the same convention as the other entries in 
    > security/Kconfig.  Should we change them all?
    Sorry, I wasn't looking at the other entries.  I prefer simply "depends
    on SECURITY".  I don't see the need for the other entries using "!=n",
    so I'd say yes, change them all.
    > > this does embed some framework functionality in the dummy module.  any
    > > reason not to put it in the static inline in security.h before the call
    > > to the module?
    > security.h can't dereference pointers to struct sock and struct
    > open_request without including net/sock.h and net/tcp.h, but both of
    > those header files need to include security.h since they contain hook
    > calls.
    Whee, love cirucular dependencies ;-)
    > Also, notice that we don't truly need these initializations as part of
    > the base framework; they don't provide anything that can't be done in
    > the module.
    Yup, I definitely agree.  I was trying to reason out if there is any
    compelling reason to keep them (and then if it's best to put it in the
    dummy module).  I think we could probably either drop them or leave it
    as is (in your patch).
    > So, other than the security/Kconfig cleanup, any other changes that
    > need to be made prior to committing?  Also, I have an equivalent patch
    > for lsm-2.4; does it need to be posted for discussion or can it just be
    > committed at the same time?
    I think that's it.  2.4 sounds fine as well.
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 12:58:30 PST