Re: Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM)

[Greg KH]

On Thu, Apr 20, 2006 at 10:20:11AM -0400, Stephen Smalley wrote:
> On Thu, 2006-04-20 at 08:00 -0700, Greg KH wrote:
> > I agree.  In looking over the code some more, I'm trying to figure out
> > why we are exporting that variable at all.  Is it because of people
> > wanting to stack security modules?
> > 
> > I see selinux code using it, but you are always built into the kernel,
> > right?  So unexporting it would not be an issue to you.
> 
> Various in-tree modules (e.g. ext3) call security hooks via the static
> inlines and end up referencing security_ops directly.  We'd have to wrap
> all such hooks in the same manner as capable and permission.

Ah, and people like making their file systems as modules :(

> Although I was actually talking about eliminating security_ops, not just
> un-exporting it ;)

Yes, that would be even better, and solve some of the recent complaints
that people have with the lsm interface.

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/