Hi, here is the version of my patches that rework the security stubs in security.h a bit to allow for better maintainability and allow the possibility of using conditionals over indirect calls. The latter has been found beneficial with tcp_rr benchmarks on ia64. To stress the maintainability point: One of the void stubs had a return statement in there, which was inconsistent between the cap_ and security_ops-> versions. The first patch, as a prerequisiste, makes capabilities the default for CONFIG_SECURITY=y rather than the dumb dummy, which results in a broken system -- which makes everybody wanting to load capability. Not the idea, as this makes loading other LSMs problematic ... Note that I did not drop dummy completely. I think it should ... but currently LSMs that don't have all functions implement fall back to the implementations in dummy. I did not want to change behaviour and fall back to the ones in capability. Most are identical between cap and dummy, but I did not review all existing LSMs. It could be done at a second step if deemed viable. Note that the patches have been discussed before: http://www.ussg.iu.edu/hypermail/linux/kernel/0502.1/1040.html http://www.ussg.iu.edu/hypermail/linux/kernel/0408.1/0623.html In comparison to the last submission, I have dropped the unlikely() stuff that seemed too controversial. The patch 2 which does the main cleanup has been split in two. The first is produced by a little python script that parses the function implementations and the ifdefs and reorders them, so they end up next to each other. This greatly simplifies the creation of the next patch and minimizes the chances to screw up. I marked these patches 2a and 2b. Please apply! -- Kurt Garloff, Director SUSE Labs, Novell Inc.
This archive was generated by hypermail 2.1.3 : Sun Jul 03 2005 - 14:19:56 PDT