This one is not acceptable, you're adding a function call to every netlink SKB receive even in the case where security is disabled. Capability testing is a very simple bit test, there is no justification for calling these cap_netlink_{send,recv}() things externally for such a simple operation when security is disabled. It is things like this that make me still totally hate the networking security changes. It is like a virus that is spreading throughout the entire tree. It is a bunch of strange tests that have to be maintained which do external calls to modules that are not even in the source tree so I can't even see how the callbacks are used (no, the fact that there is documentation of the callback doesn't change this issue, and no I'm not going to some site to download a bunch of security modules everytime I need to make changes in these areas). Frankly, while I'm very happy about the fixup of the security overhead, these changes are still way too invasive. This stuff is garbage. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 15:36:33 PST