| To: | greg@xxxxxxxxx |
|---|---|
| Subject: | Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7) |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Tue, 15 Oct 2002 12:34:43 -0700 (PDT) |
| Cc: | becker@xxxxxxxxx, jmorris@xxxxxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, linux-security-module@xxxxxxxxx |
| In-reply-to: | <20021015191626.GD15420@xxxxxxxxx> |
| References: | <20021015.104014.34145167.davem@xxxxxxxxxx> <Pine.LNX.4.44.0210151353450.1159-100000@xxxxxxxxxxxxxxxxx> <20021015191626.GD15420@xxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
From: Greg KH <greg@xxxxxxxxx>
Date: Tue, 15 Oct 2002 12:16:26 -0700
That being said, a number of people have asked that the networking hooks
be able to "be compiled away", so we will be glad to do this.
That's the only big beef I have with the LSM stuff,
on a whole.
I want to be able to say CONFIG_SECURITY=n and all of
this stuff totally disappears. So use macros that expand
to the security_ops->foo() when it's enabled, and compile
into do { } while (0) when it is disabled.
And yes, as much as the LSM folks may hate it, I want distribution
makes to be able to turn this stuff off at their discretion as well.
Some may decide that supporting a mechanism like this in their kernel
is just too much.
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7), Greg KH |
|---|---|
| Next by Date: | Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7), Greg KH |
| Previous by Thread: | Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7), Greg KH |
| Next by Thread: | Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7), Greg KH |
| Indexes: | [Date] [Thread] [Top] [All Lists] |