Hi Serge, On Mon, Jul 04, 2005 at 07:37:21AM -0500, serge@private wrote: > Quoting Kurt Garloff (garloff@private): > > Getting rid of dummy entirely would be better, I agree, but someone > > needs to review that this won't break anything. > > Unfortunately I think it's way too soon for that. Even if stacker is > accepted, it is still a module (for now at least) which can be compiled > out. So we'll need dummy hooks for modules (like seclvl) to use. I > just don't think it's possible to get rid of that yet. Hmmmm, getting rid of dummy would mean replacing it with capability. - The differences between cap and dummy affect a relatively small subset of hooks - If all of these hooks are implemented by all LSMs, we're done and can just remove dummy and replace it by capability. - If not, we'd need to review for all of these LSMs, whether defaulting to capability rather than dummy could create a problem and whether that can be addressed easily. seclvl would probably need some changes, indeed. root_plug could become shorter :-) > > So how should we proceed? > > You want to do the dummy removal first, then have stacker merged > > and then what remains of my patches? Or should I start ... ? > > I think your patches to make capability the default are the best > place to start. Doing the same under stacker will be trivial, and > I'll do that in the next set I send out. Sounds good! -- Kurt Garloff, Director SUSE Labs, Novell Inc.
This archive was generated by hypermail 2.1.3 : Mon Jul 04 2005 - 06:34:08 PDT