[resend, typo in address] * Stephen D. Smalley (sdsat_private) wrote: > > I've built and booted a SELinux kernel with and w/out > CONFIG_SECURITY_NETWORK, and it functioned as expected, i.e. only > differing in the absence of the socket and networking access controls > w/out the option. Sounds good. > > this isn't necessary. "depends on SECURITY" is sufficient. > > Ok, I was just following the same convention as the other entries in > security/Kconfig. Should we change them all? Sorry, I wasn't looking at the other entries. I prefer simply "depends on SECURITY". I don't see the need for the other entries using "!=n", so I'd say yes, change them all. > > this does embed some framework functionality in the dummy module. any > > reason not to put it in the static inline in security.h before the call > > to the module? > > security.h can't dereference pointers to struct sock and struct > open_request without including net/sock.h and net/tcp.h, but both of > those header files need to include security.h since they contain hook > calls. Whee, love cirucular dependencies ;-) > Also, notice that we don't truly need these initializations as part of > the base framework; they don't provide anything that can't be done in > the module. Yup, I definitely agree. I was trying to reason out if there is any compelling reason to keep them (and then if it's best to put it in the dummy module). I think we could probably either drop them or leave it as is (in your patch). > So, other than the security/Kconfig cleanup, any other changes that > need to be made prior to committing? Also, I have an equivalent patch > for lsm-2.4; does it need to be posted for discussion or can it just be > committed at the same time? I think that's it. 2.4 sounds fine as well. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 12:58:30 PST