From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>
Cc: LSM <linux-security-module@vger.kernel.org>,
SELinux <Selinux@tycho.nsa.gov>
Subject: Re: Functions prefixed with security_ in SELinux
Date: Fri, 24 Oct 2014 14:33:26 -0700 [thread overview]
Message-ID: <544AC5A6.6080200@schaufler-ca.com> (raw)
In-Reply-To: <CAHC9VhQ-0biopRvb8f-ssZ0dfGhAd5Jvh8ozgjA=gfASA=3czg@mail.gmail.com>
On 10/24/2014 12:49 PM, Paul Moore wrote:
> On Thu, Oct 9, 2014 at 1:55 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:
>> As I've been working on the multiple concurrent modules project I have
>> frequently encountered the use of the function prefix security_ in
>> SELinux specific code. I understand and appreciate that this code has
>> been there since the dawn of time. The LSM infrastructure also uses this
>> prefix, and that's where I have my concern. When I'm grubbing about for
>> uses of the LSM infrastructure in the SELinux code it's really quite
>> annoying. Would the SELinux community be open to considering the
>> possibility of thinking about cleaning up this bit of namespace
>> pollution? It surely isn't a critical issue, but it would certainly look
>> better.
>>
>> security_context_to_sid -> selinux_context_to_sid
>>
>> Just a thought.
> Sorry for the delay. I've been a bit busy and this got lost in my
> SELinux folder.
>
> It probably is something we should clean up, in fact we should
> probably take a long hard look at why we still keep the "security
> server" code separated from the SELinux hooks code. I understand the
> original reasoning, but I wonder if that still matters, especially
> with many Linux-isms creeping into the security server code.
>
> So to answer your question, yes, it is something I would consider, but
> likely only as part of a larger effort to cleanup/integrate the
> SELinux security server code into the Linux specific code.
>
Would you consider patches that address this as part of the Multiple
LSM work? I wouldn't be doing the security server integration as that
would be outside the scope of the effort, but I consider the namespace
issue to be in scope. I won't bother if you aren't open to it.
Thank you.
next prev parent reply other threads:[~2014-10-24 21:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-09 17:55 Functions prefixed with security_ in SELinux Casey Schaufler
2014-10-24 19:49 ` Paul Moore
2014-10-24 21:33 ` Casey Schaufler [this message]
2014-10-25 16:45 ` Paul Moore
2014-10-26 0:26 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=544AC5A6.6080200@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=Selinux@tycho.nsa.gov \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.