To: ebiederm@xmission.com
Cc: michael@laptop.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, andi@firstfloor.org, david@lang.hm, socketcan@hartkopp.net, alan@lxorguk.ukuu.org.uk, herbert@gondor.apana.org.au, Valdis.Kletnieks@vt.edu, bdonlan@gmail.com, zbr@ioremap.net, cscott@cscott.net, jmorris@namei.org, bernie@codewiz.org, mrs@mythic-beasts.com, randy.dunlap@oracle.com, xiyou.wangcong@gmail.com
Subject: Re: A basic question about the security_* hooks
From: Tetsuo Handa
References: <20091224022902.GA24234@heat> <4B32F304.4040609@schaufler-ca.com>
Message-Id: <200912250655.HEC04690.FFVJQSOLHOtMFO@I-love.SAKURA.ne.jp>
Date: Fri, 25 Dec 2009 06:55:08 +0900

Eric W. Biederman wrote:
> My immediate impression is that the big limitation today is the
> sharing of the void * security data members of structures.

I think the time to change "void * security" is approaching.

What about allocating a dedicated "void *" for each in-tree security module and
letting proposed security modules use "void * security", so that proposed security
modules can be evaluated without allocating a dedicated "void *", something like

struct foo {
	...
#ifdef CONFIG_SECURITY_SELINUX
	void *selinux;
#endif
#ifdef CONFIG_SECURITY_SMACK
	void *smack;
#endif
#ifdef CONFIG_SECURITY_PROPOSED
	void *security;
#endif
};

struct bar {
	...
#ifdef CONFIG_SECURITY_SELINUX
	void *selinux;
#endif
#ifdef CONFIG_SECURITY_PROPOSED
	void *security;
#endif
};

?

Regarding TOMOYO, "void * security" automatically added to many structures is
nothing but a waste of memory because TOMOYO doesn't need "void * security"
except in "struct task_struct".
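
The following user-space model is an added example, not part of the original message and not kernel code. It runs the same attach-then-check sequence for two modules against a shared "void *security" slot and against the dedicated per-module slots sketched above. The blob type, its owner tag, the label values and all function names are assumptions made for the illustration.

```c
/* Added example: user-space model, not kernel code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define CONFIG_SECURITY_SELINUX 1	/* constructed build configuration */
#define CONFIG_SECURITY_SMACK 1

enum owner { MOD_SELINUX, MOD_SMACK };
/* The owner tag is a modelling aid: it lets a module recognise its own blob. */
struct blob { enum owner owner; int label; };
struct foo_shared { void *security; };	/* one slot for every module */
struct foo_dedicated {			/* layout sketched in the mail */
#ifdef CONFIG_SECURITY_SELINUX
	void *selinux;
#endif
#ifdef CONFIG_SECURITY_SMACK
	void *smack;
#endif
};

static struct blob *blob_new(enum owner owner, int label)
{
	struct blob *b = malloc(sizeof(*b));
	if (!b) abort();
	*b = (struct blob){ owner, label };
	return b;
}

static int blob_is_mine(const void *slot, enum owner owner)
{
	const struct blob *b = slot;
	return b != NULL && b->owner == owner;
}

/* Each module stores its state in its slot, then validates what it reads back.
 * Returns how many modules still find their own state. */
static int attach_and_check(void **sel_slot, void **smk_slot)
{
	struct blob *a = blob_new(MOD_SELINUX, 7), *b = blob_new(MOD_SMACK, 9);
	*sel_slot = a;
	*smk_slot = b;	/* if both slots are the same pointer, a is overwritten (and would leak) */
	int ok = blob_is_mine(*sel_slot, MOD_SELINUX) + blob_is_mine(*smk_slot, MOD_SMACK);
	free(a);
	free(b);
	return ok;
}

int valid_modules_shared(void) { struct foo_shared f = { 0 }; return attach_and_check(&f.security, &f.security); }
int valid_modules_dedicated(void) { struct foo_dedicated f = { 0 }; return attach_and_check(&f.selinux, &f.smack); }
int main(void) { printf("shared=%d dedicated=%d\n", valid_modules_shared(), valid_modules_dedicated()); return 0; }
```

With the shared slot only the last module to attach finds its own state; with dedicated slots both do.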