Date: Sat, 5 Aug 2006 23:25:49 -0500
From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org,
       linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH -mm] fs.h: ifdef security fields
Message-ID: <20060806042549.GA3999@sergelap.austin.ibm.com>
References: <20060806023806.GA13480@martell.zuzino.mipt.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060806023806.GA13480@martell.zuzino.mipt.ru>
User-Agent: Mutt/1.5.11
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1324
Lines: 30

Quoting Alexey Dobriyan (adobriyan@gmail.com):
> [BSD security levels are deleted in -mm, assuming this below]
> 
> The only user of i_security, f_security, s_security fields is SELinux,
> so ifdef them with CONFIG_SECURITY_SELINUX. Following Stephen Smalley's

The SLIM security module, which is trying to get upstream, uses at least
i_security and f_security.

The Argus module supposedly being submitted "soon" which is used in
their LSPP product, surely must use them all.

Maybe you still want to make these CONFIG_SECURITY_SELINUX until the
other modules are upstreamed, but I just wanted to make sure you knew
other modules, trying to get upstream, are using them.

Personally I'd say these are a core part of the LSM framework, and if
you don't want LSM, compile it out.  But since I realize that using only
capabilities must be a pretty common case, how about just adding a
config option CONFIG_SECURITY_OBJFIELDS, which is auto-enabled with
SELINUX and default off, which hides these fields instead?

Patch should be trivial, and I can aim to send one tomorrow.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/