Re: [PATCH -mm 2/4] SELinux: Remove various exported symbols

From: Paul Moore
Date: Tue Feb 26 2008 - 18:42:25 EST


On Tuesday 26 February 2008 6:25:41 pm Ahmed S. Darwish wrote:
> Remove the following exported SELinux interfaces:
> selinux_get_inode_sid(inode, sid)
> selinux_get_ipc_sid(ipcp, sid)
> selinux_get_task_sid(tsk, sid)
> selinux_sid_to_string(sid, ctx, len)
>
> and substitute them with the following equivalents respectively:
> new LSM hook, inode_getsecid(inode, secid)
> new LSM hook, ipc_getsecid*(ipcp, secid)
> LSM hook, task_getsecid(tsk, secid)
> LSM hook, sid_to_secctx(sid, ctx, len)
>
> This is done to remove SELinux dependency from some
> of the kernel subsystems (audit).
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> Signed-off-by: Ahmed S. Darwish <darwish.07@xxxxxxxxx>
> ---
>
> include/linux/selinux.h | 62 ---------------------------------------------
> security/selinux/exports.c | 42 ------------------------------
> security/selinux/hooks.c | 19 ++++++++++++-
> 3 files changed, 17 insertions(+), 106 deletions(-)

I haven't had a chance to look at the rest of the changes in detail yet,
but this should be the last patch in the series. The reason is that
after applying this patch (and not the next two) the kernel will no
longer compile, meaning bisects will break, which will cause people to
get grumpy.

If you have to split things into multiple patches, it's a good idea to
do it in this order:

1. Add the new function
2. Convert all the callers
3. Remove the old function you replaced

--
paul moore
linux security @ hp