Re: Removing EXPORT_SYMBOL(security_ops) (was Re: Time to removeLSM)

From: Stephen Smalley
Date: Thu Apr 20 2006 - 11:15:44 EST

Next message: Darren Hart: "Re: [RFC][PATCH -rt] Make futex_wait() use an hrtimer for timeout"
Previous message: Linus Torvalds: "Re: smp/up alternatives crash when CONFIG_HOTPLUG_CPU"
In reply to: Greg KH: "Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM)"
Next in thread: Greg KH: "Re: Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2006-04-20 at 08:00 -0700, Greg KH wrote:
> I agree. In looking over the code some more, I'm trying to figure out
> why we are exporting that variable at all. Is it because of people
> wanting to stack security modules?
>
> I see selinux code using it, but you are always built into the kernel,
> right? So unexporting it would not be an issue to you.

Various in-tree modules (e.g. ext3) call security hooks via the static
inlines and end up referencing security_ops directly. We'd have to wrap
all such hooks in the same manner as capable and permission.

Although I was actually talking about eliminating security_ops, not just
un-exporting it ;)

> Tony, would AppArmor have problems if we don't export that variable
> anymore?

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Darren Hart: "Re: [RFC][PATCH -rt] Make futex_wait() use an hrtimer for timeout"
Previous message: Linus Torvalds: "Re: smp/up alternatives crash when CONFIG_HOTPLUG_CPU"
In reply to: Greg KH: "Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM)"
Next in thread: Greg KH: "Re: Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]