Re: [PATCH] selinux: add selinux_is_enforced() function

From: Sebastien Buisson
Date: Wed Apr 12 2017 - 11:20:03 EST

Next message: Jim Mattson: "Re: [PATCH v6] kvm: better MWAIT emulation for guests"
Previous message: Andrew Lunn: "Re: [PATCH v5 1/4] gpio: mvebu: Add limited PWM support"
In reply to: Stephen Smalley: "Re: [PATCH] selinux: add selinux_is_enforced() function"
Next in thread: Stephen Smalley: "Re: [PATCH] selinux: add selinux_is_enforced() function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2017-04-12 15:58 GMT+02:00 Stephen Smalley <sds@xxxxxxxxxxxxx>:
> Even your usage of selinux_is_enabled() looks suspect; that should
> probably go away. Only other user of it seems to be some cred validity
> checking that could be dropped as well.

Well the main reason for calling selinux_is_enabled() is performance
optimization.
Should I propose a patch to add a new security_is_enabled() function
at the LSM abstraction layer? Or do you consider we should not test
security enabled at all?

Next message: Jim Mattson: "Re: [PATCH v6] kvm: better MWAIT emulation for guests"
Previous message: Andrew Lunn: "Re: [PATCH v5 1/4] gpio: mvebu: Add limited PWM support"
In reply to: Stephen Smalley: "Re: [PATCH] selinux: add selinux_is_enforced() function"
Next in thread: Stephen Smalley: "Re: [PATCH] selinux: add selinux_is_enforced() function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]