Re: [PATCH try #3] security: Convert LSM into a static interface

From: Christian Ehrhardt
Date: Thu Jul 19 2007 - 13:28:28 EST

Next message: Christoph Hellwig: "Re: lguest, Re: -mm merge plans for 2.6.23"
Previous message: Mark A. Greer: "[PATCH 3/4] serial: MPSC: Remove duplicate SUPPORT_SYSRQ definition"
In reply to: Serge E. Hallyn: "Re: [PATCH try #3] security: Convert LSM into a static interface"
Next in thread: James Morris: "Re: [PATCH try #3] security: Convert LSM into a static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 19, 2007 at 09:54:30AM -0700, Arjan van de Ven wrote:
> the next step after this patch is to have an option to get rid of all
> the function pointer chasing (which is expensive) for the case where you
> know you only want one security module (which you then can turn on or
> off)... that advantage is a performance gain for a lot of people....

I'm pretty sure that at least the security_ops function pointers could be
resolved statically with some proprocessor trickery right now.

E.g. define macros for the security_* hooks in the single security module that
is configured statically and include those defines in security.h instead
of the prototypes for the inline functions. Am I missing something?

If a distribution enables such an option there is no way to load a
security module, true. This is what we have right now if the distro disables
loadable module support or disables security modules.

regards Christian

Attachment: signature.asc
Description: Digital signature

Next message: Christoph Hellwig: "Re: lguest, Re: -mm merge plans for 2.6.23"
Previous message: Mark A. Greer: "[PATCH 3/4] serial: MPSC: Remove duplicate SUPPORT_SYSRQ definition"
In reply to: Serge E. Hallyn: "Re: [PATCH try #3] security: Convert LSM into a static interface"
Next in thread: James Morris: "Re: [PATCH try #3] security: Convert LSM into a static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]