From: "Stephen D. Smalley" : Wednesday, April 09, 2003 1:51 PM > No, the initializers were intentionally moved into the hook functions because > they were co-located with hook calls anyway, there was no value in keeping them > separate, and doing so would require #ifdefs in the core networking code (not > acceptable) or a separate static inline (pointless, as it occurs at the same > point as the existing hook call). You just need to fix your module to not > expect the value to be set to NULL prior to the alloc_security call. The dummy > module will ensure that the values are initialized to NULL for all objects > created before your module is inserted. > The current implementation does not agree with the documentation in security.h - which states that the relevant security fields are nulled on allocation. In these cases they are not. So the implementation is not consistent with the documentation. That's what I call a bug. Either the implementation needs fixing to do what the documentation says, or the documentation needs fixing to document what has been implemented. Since the other security fields are in fact initialised to NULL it would be more consistent to fix the implementation to agree with the documentation, rather than making special cases for these 2 structs. I apologize if the code I sent is not an acceptable implementation, but other LSM code already had #ifdef CONFIG_SECURITY_NETWORK in it. For example 'net/core/skbuff.c' has it round 'skb->lsm_security = NULL;' for similar reasons. Mike _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 09 2003 - 07:29:56 PDT