Re: [PATCH] remove selinux stacked ops

From: Chris Wright (chrisw@private)
Date: Fri Aug 26 2005 - 09:22:41 PDT

Previous message: serue@private: "Re: [PATCH 0/5] LSM hook updates"
In reply to: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Tony Jones: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Stephen Smalley: "Re: selinux stacked ops"
Reply: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

* Stephen Smalley (sds@private) wrote:
> On Fri, 2005-08-26 at 07:58 -0400, Stephen Smalley wrote:
> > Ok, as with my prior comment, this one is also invalidated by the fact
> > that the static inlines fall back to the cap_ functions if the operation
> > is NULL.  So I suppose this would work.
> 
> Given these changes, what purpose does the capability module and the
> CONFIG_SECURITY_CAPABILITIES option serve anymore?  Should capability.c
> be removed entirely?

I left it for two reasons.  Making it built-in will mean you can't
load another security module.  Some distros use the module already, so
it's compatibility.  These aren't the best reasons to keep it long term.

> Also seems to obsolete the cap_stack module in the stacking patch set.

I believe so.

thanks,
-chris

Previous message: serue@private: "Re: [PATCH 0/5] LSM hook updates"
In reply to: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Tony Jones: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Stephen Smalley: "Re: selinux stacked ops"
Reply: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 26 2005 - 09:23:08 PDT