Date: Tue, 15 Oct 2002 12:34:43 -0700 (PDT)
From: "David S. Miller"
To: greg@kroah.com
Cc: becker@scyld.com, jmorris@intercode.com.au, kuznet@ms2.inr.ac.ru, netdev@oss.sgi.com, linux-security-module@wirex.com
Subject: Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

   From: Greg KH
   Date: Tue, 15 Oct 2002 12:16:26 -0700

   That being said, a number of people have asked that the networking
   hooks be able to "be compiled away", so we will be glad to do this.

That's the only big beef I have with the LSM stuff, on a whole.
I want to be able to say CONFIG_SECURITY=n and all of this stuff
totally disappears.

So use macros that expand to the security_ops->foo() when it's enabled,
and compile into do { } while (0) when it is disabled.

And yes, as much as the LSM folks may hate it, I want distribution
makers to be able to turn this stuff off at their discretion as well.
Some may decide that supporting a mechanism like this in their kernel
is just too much.
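
The compile-away pattern asked for in the message above, as an added example that is not part of the original thread or the kernel's own code. `struct sk_buff` here is a constructed stand-in, and the hook names, the `demo_ops` policy, `hook_calls` and `deliver()` are hypothetical.

```c
#include <stddef.h>

#define CONFIG_SECURITY 1          /* remove this line to compile every hook away */

struct sk_buff { unsigned int len; int tagged; };   /* constructed stand-in */
static int hook_calls;             /* counts hook invocations, for the demo only */

#ifdef CONFIG_SECURITY
struct security_operations {
    int  (*skb_recv)(struct sk_buff *skb);   /* nonzero return vetoes the packet */
    void (*skb_free)(struct sk_buff *skb);   /* releases per-skb security state */
};
/* Hypothetical policy module: tag every skb, refuse anything over 1500 bytes. */
static int demo_recv(struct sk_buff *skb) { hook_calls++; skb->tagged = 1; return skb->len > 1500; }
static void demo_free(struct sk_buff *skb) { hook_calls++; skb->tagged = 0; }
static struct security_operations demo_ops = { demo_recv, demo_free };
static struct security_operations *security_ops = &demo_ops;

#define HOOKS_ENABLED 1
#define security_skb_recv(skb) (security_ops->skb_recv(skb))
#define security_skb_free(skb) do { security_ops->skb_free(skb); } while (0)
#else
#define HOOKS_ENABLED 0
/* A hook whose result is tested must still yield a value: "always allow". */
#define security_skb_recv(skb) ((void)(skb), 0)
/* A void hook becomes an empty statement that is still safe before "else". */
#define security_skb_free(skb) do { } while (0)
#endif

/* The call site contains no #ifdef; returns 0 if delivered, -1 if dropped. */
int deliver(struct sk_buff *skb)
{
    int dropped = security_skb_recv(skb) ? -1 : 0;

    if (skb->tagged)
        security_skb_free(skb);    /* one statement in both configurations */
    else
        skb->tagged = 0;           /* nothing attached; keep the field cleared */
    return dropped;
}

int main(void)
{
    struct sk_buff ok = { 64, 0 }, big = { 9000, 0 };
    return !(deliver(&ok) == 0 && deliver(&big) == (HOOKS_ENABLED ? -1 : 0));
}
```

With `CONFIG_SECURITY` undefined, `deliver()` contains no indirect call and no reference to `security_ops`, and every packet is delivered because no policy is consulted.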