* James Morris (jmorris@private) wrote: > On Mon, 18 Oct 2004, Stephen Smalley wrote: > > > a) Add a flag to avc_audit(), optionally passed via avc_audit_data, that > > tells it to use audit_log_end_irq() so that it merely enqueues the audit > > message for later processing, and change capable and setscheduler hooks > > to pass this flag, or > > b) Move the security checks in setscheduler outside of the runqueue > > lock, then just recheck that no security-relevant conditions changed > > after taking the lock. > > A seems simpler, but perhaps better to do via a wrapper function. I agree, esp. since the policy value can change. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 12:12:08 PDT