Re: [PATCH] remove selinux stacked ops

From: Tony Jones (tonyj@private)
Date: Fri Aug 26 2005 - 09:33:07 PDT

Previous message: Chris Wright: "Re: [PATCH] remove selinux stacked ops"
In reply to: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Next in thread: serue@private: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Stephen Smalley: "Re: selinux stacked ops"
Reply: serue@private: "Re: [PATCH] remove selinux stacked ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, Aug 26, 2005 at 08:29:58AM -0400, Stephen Smalley wrote:
> On Fri, 2005-08-26 at 07:58 -0400, Stephen Smalley wrote:
> > Ok, as with my prior comment, this one is also invalidated by the fact
> > that the static inlines fall back to the cap_ functions if the operation
> > is NULL.  So I suppose this would work.
> 
> Given these changes, what purpose does the capability module and the
> CONFIG_SECURITY_CAPABILITIES option serve anymore?  Should capability.c
> be removed entirely?

Since stacker will implement every hook (preventing the static inline
falling thru) wouldn't retaining capability as a module for composition 
be useful?

Of course I can see alternate methods for implementing this.  At the very least,
as this thread demonstrates, the current stacker approach of calling dummy
when no submodule implements a hook will need some rework.

Tony

Previous message: Chris Wright: "Re: [PATCH] remove selinux stacked ops"
In reply to: Stephen Smalley: "Re: [PATCH] remove selinux stacked ops"
Next in thread: serue@private: "Re: [PATCH] remove selinux stacked ops"
Next in thread: Stephen Smalley: "Re: selinux stacked ops"
Reply: serue@private: "Re: [PATCH] remove selinux stacked ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 26 2005 - 09:37:41 PDT