From: Chris Wright <chrisw@osdl.org>
To: serue@us.ibm.com
Cc: Chris Wright <chrisw@osdl.org>, James Morris <jmorris@redhat.com>,
lkml <linux-kernel@vger.kernel.org>,
Stephen Smalley <sds@epoch.ncsc.mil>,
Andrew Morton <akpm@osdl.org>
Subject: Re: [PATCH] Stacker - single-use static slots
Date: Wed, 3 Aug 2005 12:45:14 -0700 [thread overview]
Message-ID: <20050803194514.GK7762@shell0.pdx.osdl.net> (raw)
In-Reply-To: <20050803192751.GA18837@serge.austin.ibm.com>
* serue@us.ibm.com (serue@us.ibm.com) wrote:
> > James had suggested to effectively stash the list in the last slot, so
> > there's only the array with one reserved slot.
>
> Oh, I didn't catch that. I like it. Will do.
>
> So you mean 3 slots total including the shared one?
Yeah, i.e. common case is $LSM and capabilities. Stack slot is last
one, and gets put to use only if needed.
> Any comments on the added argument to register_security and
> mod_reg_security to request a static slot?
Why would you not request a static slot?
> + spin_lock(&security_field_spinlock);
> + if (idx && *idx) {
> + int i;
> +
> + *idx = -1;
So, I guess this means you request one, but who knows which one you'll
get?
> + for (i=0; i<CONFIG_SECURITY_STACKER_NUMFIELDS; i++) {
> + if (security_field_owners[i] == NULL) {
> + security_field_owners[i] = ops;
> + *idx = i;
> + break;
> + }
> + }
> + }
> + spin_unlock(&security_field_spinlock);
> Given the likelyhood of
> capability/cap_stack being registered, it seemed worthwhile not to have
> it waste a spot, but it is an API change...
API change is no big deal. Seems useful to get index value so you can
do optimized retrieve later. But, I don't see it useful to request that
way. Just register, get index, if index == last slot, lookup hits list.
thanks,
-chris
next prev parent reply other threads:[~2005-08-03 19:45 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-27 18:17 [patch 0/15] lsm stacking v0.3: intro serue
2005-07-27 18:19 ` [patch 1/15] lsm stacking v0.3: introduce securityfs serue
2005-07-27 18:20 ` [patch 2/15] lsm stacking v0.3: add module * to security_ops serue
2005-07-27 18:21 ` [patch 3/15] lsm stacking v0.3: don't default to dummy_##hook serue
2005-07-27 18:23 ` [patch 4/15] lsm stacking v0.3: swith ->security to hlist serue
2005-07-27 18:24 ` [patch 5/15] lsm stacking v0.3: introduce security_*_value API serue
2005-07-27 18:24 ` [patch 6/15] lsm stacking v0.3: stacker documentation serue
2005-07-27 18:24 ` [patch 7/15] lsm stacking v0.3: actual stacker module serue
2005-07-27 18:25 ` [patch 8/15] lsm stacking v0.3: stackable capabilities lsm serue
2005-07-27 18:26 ` [patch 9/15] lsm stacking v0.3: selinux: update ->security structs serue
2005-07-27 18:26 ` [patch 10/15] lsm stacking v0.3: selinux: use security_*_value API serue
2005-07-27 18:27 ` [patch 11/15] lsm stacking v0.3: selinux: remove secondary support serue
2005-07-27 18:27 ` [patch 12/15] lsm stacking v0.3: hook completeness verification script serue
2005-07-27 18:28 ` [patch 13/15] lsm stacking v0.3: seclvl: update for stacking serue
2005-07-27 18:28 ` [patch 14/15] lsm stacking v0.3: fix security_{del,unlink}_value race serue
2005-07-27 18:28 ` [patch 15/15] lsm stacking v0.3: stacking for digsig serue
2005-07-27 19:34 ` [patch 0/15] lsm stacking v0.3: intro James Morris
2005-07-27 19:37 ` James Morris
2005-08-03 16:45 ` [PATCH] Stacker - single-use static slots serue
2005-08-03 17:57 ` Chris Wright
2005-08-03 19:27 ` serue
2005-08-03 19:45 ` Chris Wright [this message]
2005-08-03 20:31 ` serge
2005-08-05 15:55 ` James Morris
2005-08-05 17:27 ` serue
2005-08-05 17:34 ` serue
2005-08-10 14:45 ` serue
2005-08-11 7:42 ` James Morris
2005-08-11 21:22 ` serue
2005-08-11 23:02 ` James Morris
2005-07-27 19:54 ` [patch 0/15] lsm stacking v0.3: intro serue
2005-07-30 5:07 ` Tony Jones
2005-07-30 19:02 ` serge
2005-07-30 20:18 ` Tony Jones
2005-07-31 3:22 ` Steve Beattie
2005-07-31 3:44 ` serge
2005-07-31 4:13 ` Tony Jones
2005-07-31 13:37 ` serge
2005-07-31 3:53 ` serge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050803194514.GK7762@shell0.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=akpm@osdl.org \
--cc=jmorris@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sds@epoch.ncsc.mil \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox