Ok, this wasn't that tough... Here's a first cut at what will need to be changed. It's a patch against Linus's latest BK tree. I only converted one hook (the ptrace one), and this will not link, but
David, does something like this look acceptable? Yes. which I hope are a bit more to your liking :) It is :-) The extra #includes are needed as some files were getting security.h picked up from shed.
Here's all the hooks converted over to function calls. Chris Wright pointed out I need to do some extra work with the existing capabilities hooks, but I'll do that in the morning. Thanks to John Levo
Ok, here's a working version (I'm typing from it right now), with all of the capability logic working again. This does make the security/built-in.o file this size with CONFIG_SECURITY=y text data bss
Um, rather than one macro per security_ops function, how about: (security_ops->func(__VA_ARGS__)) (default_ret) This also allows someone in the future to do: ({ if (try_inc_mod_count(security_ops->ow
BTW, there's another big issues with LSM: so far all those hook have no user in a mergeable shape. For all other additions there is a strong need to present something mergable but LSM doesn't. IMHO w
Heh, require this, and oops, all of the hooks disappear :) Seriously, no, I don't agree with this. SELinux is currently being audited by a number of different companies (include some Linux distros),