Serge E. Hallyn wrote: >I hadn't considered that. It does seem to then enforce that any >security module keeping state on kernel objects must be compiled in >so as to catch them when they are created. But that may not be a >bad thing, and it would be nice to be able to drop the rwlock. > > Forcing a stackable module to be compiled in would seem to be a fatal flaw. The whole point of stacking is to be able to compose things that your upstream provider did not think of. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com
This archive was generated by hypermail 2.1.3 : Tue Feb 01 2005 - 05:32:47 PST