Hi Serge, On Mon, Jul 04, 2005 at 07:01:05AM -0500, serge@private wrote: > Quoting Tony Jones (tonyj@private): > > On Mon, Jul 04, 2005 at 08:59:02AM +0200, Kurt Garloff wrote: > > > > > > The topic of replacing dummy (with capability) was discussed there > > > > last week, in the context of stacker, but a common solution for both > > > > cases would be needed. > > > > > > Both cases? > > > > CONFIG_SECURITY_STACKER and !CONFIG_SECURITY_STACKER ;-) > > > > http://mail.wirex.com/pipermail/linux-security-module/2005-June/6200.html > > > > I was assuming (bad of me I know) that Serge's patch would nail both cases > > with one stone. > > Yes, sorry, I never got around to the replace-dummy-with-capability > patch. There wasn't a single cry when Chris asked for anyone who'd > care about dummy being removed, so I do plan on switching that. I was a bit careful: My patch did switch the default, but LSMs that don't fill in all security_ops would still fall back to dummy, just to make sure there is no possibly unintended change in behaviour. Getting rid of dummy entirely would be better, I agree, but someone needs to review that this won't break anything. So how should we proceed? You want to do the dummy removal first, then have stacker merged and then what remains of my patches? Or should I start ... ? Regards, -- Kurt Garloff, Director SUSE Labs, Novell Inc.
This archive was generated by hypermail 2.1.3 : Mon Jul 04 2005 - 05:09:38 PDT