* Rusty Russell (rusty@rustcorp.com.au) wrote:
>
> I really wish the security guys had gone down the macro path, with
> something like
>
> #define security_check(func, default_val, ...)
> ({ if (try_inc_mod_count(security_ops->owner))
> security_ops->func(__VA_ARGS__);
> else
> default_val;
> })
>
> This also allows the whole thing to vanish if
> CONFIG_SECURITY_CAPABILITIES=n, and allows more flexibility for
> schemes like "always run with preemption disabled around security ops"
> or whatever, rather than having to search for all the references to
> security_ops.
You may be seeing something like this soon. Greg is working on some
conversions right now. I'm not sure what the final format will be,
but it should make the work above easier. Check out his '[RFC] change
format of LSM hooks' message from a few hours ago.
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:27 EST