> I'm _really_ tired of all of the "empty" functions that all security
> modules need to provide. So here's a brute force patch that lets any
> security module only set the functions that it wants to override. If
> the function is NULL, then the "dummy" function will be used instead.
>
> What do people think of this? I also cleaned up the comment in the
> verify function of security/security.c and made it not inline.
I second this. It's very annoying and error-prone to define lots of
unnecessary functions, not to mention maintainability.
> ===== security/security.c 1.4 vs edited =====
> --- 1.4/security/security.c Thu Oct 17 13:21:20 2002
> +++ edited/security/security.c Sat Nov 30 23:01:07 2002
[...]
> @@ -59,11 +61,8 @@
> /* Perform a little sanity checking on our inputs */
> err = 0;
>
[...]
> VERIFY_STRUCT(struct security_operations, ops, err);
This shouldn't be necessary anymore.
> @@ -106,6 +105,7 @@
> */
> int register_security (struct security_operations *ops)
> {
> + security_fixup_ops (ops);
You're patching other people's data structures. Not everybody may like
this. Maybe it's even impossible on ROM based systems. Do you think a
copy is doable? Just a thought.
> if (verify (ops)) {
> printk (KERN_INFO "%s could not verify "
When ops is NULL, this check is too late.
> @@ -162,6 +162,8 @@
> */
> int mod_reg_security (const char *name, struct security_operations *ops)
> {
> + security_fixup_ops (ops);
> +
> if (verify (ops)) {
> printk (KERN_INFO "%s could not verify "
> "security operations.\n", __FUNCTION__);
Same here.
Nevertheless, I like this patch.
Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/