[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060806042549.GA3999@sergelap.austin.ibm.com>
Date: Sat, 5 Aug 2006 23:25:49 -0500
From: "Serge E. Hallyn" <serue@...ibm.com>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH -mm] fs.h: ifdef security fields
Quoting Alexey Dobriyan (adobriyan@...il.com):
> [BSD security levels are deleted in -mm, assuming this below]
>
> The only user of i_security, f_security, s_security fields is SELinux,
> so ifdef them with CONFIG_SECURITY_SELINUX. Following Stephen Smalley's
The SLIM security module, which is trying to get upstream, uses at least
i_security and f_security.
The Argus module supposedly being submitted "soon" which is used in
their LSPP product, surely must use them all.
Maybe you still want to make these CONFIG_SECURITY_SELINUX until the
other modules are upstreamed, but I just wanted to make sure you knew
other modules, trying to get upstream, are using them.
Personally I'd say these are a core part of the LSM framework, and if
you don't want LSM, compile it out. But since I realize that using only
capabilities must be a pretty common case, how about just adding a
config option CONFIG_SECURITY_OBJFIELDS, which is auto-enabled with
SELINUX and default off, which hides these fields instead?
Patch should be trivial, and I can aim to send one tomorrow.
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists