[PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[James Morris]

(note: we'd like to use the existing skb security field, but have not 
touched yet it as you may want to maintain the padding there).


diff -urN -X dontdiff linux-2.5.42.w0/include/linux/security.h linux-2.5.42.w1/include/linux/security.h
--- linux-2.5.42.w0/include/linux/security.h	Tue Oct 15 20:28:55 2002
+++ linux-2.5.42.w1/include/linux/security.h	Tue Oct 15 20:25:40 2002
@@ -630,6 +630,50 @@
  * to use nonblocking allocation.
  * 
  *
+ * Lifecycle hooks for network buffers.
+ *
+ * @skb_alloc_security:
+ *	This hook is called by the &sk_buff allocator when a new buffer is
+ *	being allocated.  An LSM module may allocate and assign a new security
+ *	blob for the &sk_buff via this hook.
+ *	@skb contains the buffer being allocated.
+ *	@gfp_mask contains the kernel allocation gfp_mask value.
+ *	Return 0 if successful, or -ENOMEM on out of memory condition.
+ * @skb_clone:
+ *	This hook is called when an &sk_buff is being cloned, and may be used,
+ *	for example, to increment a reference count on the associated security
+ *	blob.  The security blob in the @newskb will not have been allocated.
+ *	@newskb contains the newly cloned buffer.
+ *	@oldskb contains the buffer being cloned.
+ *	Returns 0 on success -ENOMEM on failure.
+ * @skb_copy:
+ *	This hook is called when an &sk_buff header is being copied, which
+ *	occurs during the skb_copy() and pskb_copy() functions in
+ *	<net/core/skbuff.c>
+ *	@newskb contains the newly copied buffer.
+ *	@oldskb contains the buffer being copied.
+ * @skb_set_owner_w:
+ *	This hook is called when the ownership of an &sk_buff is being assigned
+ *	to a sending socket.  Typically, this would be used to copy security
+ *	attributes from the sending socket to the &sk_buff.
+ *	@skb contains the buffer being owned.
+ *	@sk contains sock to which ownership is being assigned.
+ * @skb_recv_datagram:
+ *      This hook is called when a process is receiving a datagram
+ *      message.  At this point, there is an association between the
+ *      current process, the socket, and the skb.
+ *      @skb contains the buffer being returned.
+ *      @sk is the receiving sock.
+ *      @flags contains operational flags.
+ * @skb_free_security:
+ *	This hook is called when an &sk_buff is being destroyed, and should be
+ *	used to free any associated security blob.
+ *	@skb contains the buffer being destroyed.
+ *
+ * These are the lifecycle hooks for network buffers. They are used to help
+ * manage the lifecycle of security blobs for &sk_buff structures, and are not
+ * intended to be used for access decisions.
+ *
  * @ptrace:
  *	Check permission before allowing the @parent process to trace the
  *	@child process.
@@ -846,6 +890,16 @@
 
 	void (*netdev_unregister) (struct net_device * dev);
 	
+	int (*skb_alloc_security) (struct sk_buff * skb, int gfp_mask);
+	int (*skb_clone) (struct sk_buff * newskb,
+	                  const struct sk_buff * oldskb);
+	void (*skb_copy) (struct sk_buff * newskb,
+	                  const struct sk_buff * oldskb);
+	void (*skb_set_owner_w) (struct sk_buff * skb, struct sock * sk);
+	void (*skb_recv_datagram) (struct sk_buff * skb, struct sock * sk,
+	                           unsigned flags);
+	void (*skb_free_security) (struct sk_buff * skb);
+	
 	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
 
 	int (*msg_queue_alloc_security) (struct msg_queue * msq);
diff -urN -X dontdiff linux-2.5.42.w0/include/linux/skbuff.h linux-2.5.42.w1/include/linux/skbuff.h
--- linux-2.5.42.w0/include/linux/skbuff.h	Sun Sep  1 11:34:46 2002
+++ linux-2.5.42.w1/include/linux/skbuff.h	Tue Oct 15 20:23:42 2002
@@ -245,6 +245,8 @@
 #ifdef CONFIG_NET_SCHED
        __u32			tc_index;               /* traffic control index */
 #endif
+
+	void		*lsm_security;		/* replaces the above security field */
 };
 
 #define SK_WMEM_MAX	65535
diff -urN -X dontdiff linux-2.5.42.w0/include/net/sock.h linux-2.5.42.w1/include/net/sock.h
--- linux-2.5.42.w0/include/net/sock.h	Sat Oct 12 15:09:43 2002
+++ linux-2.5.42.w1/include/net/sock.h	Tue Oct 15 20:23:42 2002
@@ -663,6 +663,7 @@
 	skb->sk = sk;
 	skb->destructor = sock_wfree;
 	atomic_add(skb->truesize, &sk->wmem_alloc);
+	security_ops->skb_set_owner_w(skb, sk);
 }
 
 static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
diff -urN -X dontdiff linux-2.5.42.w0/net/core/datagram.c linux-2.5.42.w1/net/core/datagram.c
--- linux-2.5.42.w0/net/core/datagram.c	Sun Aug 11 12:20:40 2002
+++ linux-2.5.42.w1/net/core/datagram.c	Tue Oct 15 20:23:42 2002
@@ -176,8 +176,10 @@
 		} else
 			skb = skb_dequeue(&sk->receive_queue);
 
-		if (skb)
+		if (skb) {
+			security_ops->skb_recv_datagram(skb, sk, flags);
 			return skb;
+		}
 
 		/* User doesn't want to wait */
 		error = -EAGAIN;
diff -urN -X dontdiff linux-2.5.42.w0/net/core/skbuff.c linux-2.5.42.w1/net/core/skbuff.c
--- linux-2.5.42.w0/net/core/skbuff.c	Sun Sep  1 11:34:46 2002
+++ linux-2.5.42.w1/net/core/skbuff.c	Tue Oct 15 20:23:42 2002
@@ -53,6 +53,7 @@
 #include <linux/rtnetlink.h>
 #include <linux/init.h>
 #include <linux/highmem.h>
+#include <linux/security.h>
 
 #include <net/protocol.h>
 #include <net/dst.h>
@@ -194,6 +195,11 @@
 	if (!data)
 		goto nodata;
 
+	if (security_ops->skb_alloc_security(skb, gfp_mask)) {
+ 		kfree(data);
+		goto nodata;
+	}
+
 	/* XXX: does not include slab overhead */
 	skb->truesize = size + sizeof(struct sk_buff);
 
@@ -252,6 +258,7 @@
 #ifdef CONFIG_NET_SCHED
 	skb->tc_index	  = 0;
 #endif
+	skb->lsm_security = NULL;
 }
 
 static void skb_drop_fraglist(struct sk_buff *skb)
@@ -328,6 +335,7 @@
 #ifdef CONFIG_NETFILTER
 	nf_conntrack_put(skb->nfct);
 #endif
+	security_ops->skb_free_security(skb);
 	skb_headerinit(skb, NULL, 0);  /* clean state */
 	kfree_skbmem(skb);
 }
@@ -355,6 +363,11 @@
 		if (!n)
 			return NULL;
 	}
+	
+	if (security_ops->skb_clone(n, skb)) {
+		skb_head_to_pool(n);
+		return NULL;
+	}
 
 #define C(x) n->x = skb->x
 
@@ -442,6 +455,7 @@
 #ifdef CONFIG_NET_SCHED
 	new->tc_index	= old->tc_index;
 #endif
+	security_ops->skb_copy(new, old);
 }
 
 /**
diff -urN -X dontdiff linux-2.5.42.w0/security/capability.c linux-2.5.42.w1/security/capability.c
--- linux-2.5.42.w0/security/capability.c	Tue Oct 15 20:28:55 2002
+++ linux-2.5.42.w1/security/capability.c	Tue Oct 15 20:23:42 2002
@@ -719,6 +719,37 @@
 	return;
 }
 
+static int cap_skb_alloc_security (struct sk_buff *skb, int gfp_mask)
+{
+	return 0;
+}
+
+static int cap_skb_clone (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+	return 0;
+}
+
+static void cap_skb_copy (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static void cap_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+	return;
+}
+
+static void cap_skb_recv_datagram (struct sk_buff *skb, struct sock *sk,
+				   unsigned flags)
+{
+	return;
+}
+
+static void cap_skb_free_security (struct sk_buff *skb)
+{
+	return;
+}
+
 static int cap_register (const char *name, struct security_operations *ops)
 {
 	return -EINVAL;
@@ -822,6 +853,13 @@
 	.task_kmod_set_label =		cap_task_kmod_set_label,
 	.task_reparent_to_init =	cap_task_reparent_to_init,
 
+	.skb_alloc_security =		cap_skb_alloc_security,
+	.skb_clone =			cap_skb_clone,
+	.skb_copy =			cap_skb_copy,
+	.skb_set_owner_w =		cap_skb_set_owner_w,
+	.skb_recv_datagram =		cap_skb_recv_datagram,
+	.skb_free_security =		cap_skb_free_security,
+
 	.ipc_permission =		cap_ipc_permission,
 
 	.msg_queue_alloc_security =	cap_msg_queue_alloc_security,
diff -urN -X dontdiff linux-2.5.42.w0/security/dummy.c linux-2.5.42.w1/security/dummy.c
--- linux-2.5.42.w0/security/dummy.c	Tue Oct 15 20:28:55 2002
+++ linux-2.5.42.w1/security/dummy.c	Tue Oct 15 20:23:42 2002
@@ -534,6 +534,39 @@
 	return;
 }
 
+static int dummy_skb_alloc_security (struct sk_buff *skb, int gfp_mask)
+{
+	return 0;
+}
+
+static int dummy_skb_clone (struct sk_buff *newskb,
+			     const struct sk_buff *oldskb)
+{
+	return 0;
+}
+
+static void dummy_skb_copy (struct sk_buff *newskb,
+			    const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static void dummy_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+	return;
+}
+
+static void dummy_skb_recv_datagram (struct sk_buff *skb, struct sock *sk,
+				     unsigned flags)
+{
+	return;
+}
+
+static void dummy_skb_free_security (struct sk_buff *skb)
+{
+	return;
+}
+
 static int dummy_register (const char *name, struct security_operations *ops)
 {
 	return -EINVAL;
@@ -637,6 +670,13 @@
 	.task_kmod_set_label =		dummy_task_kmod_set_label,
 	.task_reparent_to_init =	dummy_task_reparent_to_init,
 
+	.skb_alloc_security =		dummy_skb_alloc_security,
+	.skb_clone =			dummy_skb_clone,
+	.skb_copy =			dummy_skb_copy,
+	.skb_set_owner_w =		dummy_skb_set_owner_w,
+	.skb_recv_datagram =		dummy_skb_recv_datagram,
+	.skb_free_security =		dummy_skb_free_security,
+
 	.ipc_permission =		dummy_ipc_permission,
 	
 	.msg_queue_alloc_security =	dummy_msg_queue_alloc_security,

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[David S. Miller]

There is no way in hell that you are going to
add a function call for every time we set the
socket owner of a SKB.

That is a critical path and it happens millions upon
millions of times a second on a busy server.  Performance
will be penalized by changes like this.

I want all this junk #ifdef'd if it is necessary, in particular
the new member added to sk_buff et al.  There is no way this stuff
is going to happen in the default build, at least not in my networking
tree :-)

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Donald Becker]

On Tue, 15 Oct 2002, David S. Miller wrote:

> That is a critical path and it happens millions upon
> millions of times a second on a busy server.  Performance
> will be penalized by changes like this.

This is a good place to point out why this patch is bogus.

The topic is adding "hooks".

The proposed method always calls a function, which must exist.  The default
function is a no-op.  This is just about the worst way of doing things.
  - It is optimizing for the unlikely and already expensive case where
    there is a hook.
  - It makes the code difficult to follow
  - It has horrible code path and cache footprint behavior.
  - Your method adds a bunch of hooks when just one would do.

The usual approach is
   if (obj->hookfun)  obj->hookfun(obj, method_index, other_params);

Even this makes the code less readable, but at least doesn't jump all
over the instruction space.  The impact is a dereference and a test for
zero, and then a jump over a push/mov instructions for values that
should already be in registers.

> There is no way in hell that you are going to
> add a function call for every time we set the
> socket owner of a SKB.

I already bitch about how cost and cache impact of allocating and manipulating
skbuffs.  This definitely falls into the category of "adding more junk".

-- 
Donald Becker				becker@scyld.com
Scyld Computing Corporation		http://www.scyld.com
410 Severn Ave. Suite 210		Scyld Beowulf cluster system
Annapolis MD 21403			410-990-9993

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Greg KH]

On Tue, Oct 15, 2002 at 02:14:01PM -0400, Donald Becker wrote:
>   - Your method adds a bunch of hooks when just one would do.

How would you propose a single hook?  Specify the action in the hook?
Linus has already rejected this idea :)

> The usual approach is
>    if (obj->hookfun)  obj->hookfun(obj, method_index, other_params);
> 
> Even this makes the code less readable, but at least doesn't jump all
> over the instruction space.  The impact is a dereference and a test for
> zero, and then a jump over a push/mov instructions for values that
> should already be in registers.

Linus has stated that he didn't want the check and then jump, but an
unconditional jump (even if the function is nothing but a return.)  I
guess this is faster as the processor doesn't have to guess at branch
prediction.  That's why we built these calls in this way.

That being said, a number of people have asked that the networking hooks
be able to "be compiled away", so we will be glad to do this.

thanks,

greg k-h

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[David S. Miller]

   From: Greg KH <greg@kroah.com>
   Date: Tue, 15 Oct 2002 12:16:26 -0700
   
   That being said, a number of people have asked that the networking hooks
   be able to "be compiled away", so we will be glad to do this.

That's the only big beef I have with the LSM stuff,
on a whole.

I want to be able to say CONFIG_SECURITY=n and all of
this stuff totally disappears.  So use macros that expand
to the security_ops->foo() when it's enabled, and compile
into do { } while (0) when it is disabled.

And yes, as much as the LSM folks may hate it, I want distribution
makes to be able to turn this stuff off at their discretion as well.

Some may decide that supporting a mechanism like this in their kernel
is just too much.

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Greg KH]

On Tue, Oct 15, 2002 at 12:34:43PM -0700, David S. Miller wrote:
>    From: Greg KH <greg@kroah.com>
>    Date: Tue, 15 Oct 2002 12:16:26 -0700
>    
>    That being said, a number of people have asked that the networking hooks
>    be able to "be compiled away", so we will be glad to do this.
> 
> That's the only big beef I have with the LSM stuff,
> on a whole.
> 
> I want to be able to say CONFIG_SECURITY=n and all of
> this stuff totally disappears.  So use macros that expand
> to the security_ops->foo() when it's enabled, and compile
> into do { } while (0) when it is disabled.

Fair enough, mind if I create a CONFIG_SECURITY_NETWORK that we can use
for this?

The other LSM hooks seem to be working just fine compiled in, but I can
understand the network speed issues.

thanks,

greg k-h

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[David S. Miller]

   From: Greg KH <greg@kroah.com>
   Date: Tue, 15 Oct 2002 12:45:45 -0700

   Fair enough, mind if I create a CONFIG_SECURITY_NETWORK that we can use
   for this?
   
Why special case networking?  Do it for everything.

2.5.x can use all the help it can get in the debloating
department.  It's currently busting at the seams.

security/*.o takes up space in my kernel and achieves ABSOLUTELY
NOTHING but take up space, the same goes for all the security_ops->()
invocations all over the place.

You must allow the user to config this stuff out of their tree.

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Greg KH]

On Tue, Oct 15, 2002 at 12:45:02PM -0700, David S. Miller wrote:
>    From: Greg KH <greg@kroah.com>
>    Date: Tue, 15 Oct 2002 12:45:45 -0700
> 
>    Fair enough, mind if I create a CONFIG_SECURITY_NETWORK that we can use
>    for this?
>    
> Why special case networking?  Do it for everything.
> 
> 2.5.x can use all the help it can get in the debloating
> department.  It's currently busting at the seams.
> 
> security/*.o takes up space in my kernel and achieves ABSOLUTELY
> NOTHING but take up space, the same goes for all the security_ops->()
> invocations all over the place.

Those invocations also take up no measurable time :)

Yes, the size of the *.o files in the security directory can be shrunk a
bit:
   text    data     bss     dec     hex filename
   6765     776       8    7549    1d7d built-in.o
   3280     392       4    3676     e5c capability.o
   1772     384       0    2156     86c dummy.o
   1713       0       4    1717     6b5 security.o

The majority of this size is the multiple "NULL" hook functions.  The
developers have had a few ideas on how to fix this issue, and will be
worked on.  I can also shrink security.o by fixing a function that
doesn't need to be inlined.  But most of the logic in capability.o
previously used to be in kernel/capability.c, and that file has shrunk a
bit.

> You must allow the user to config this stuff out of their tree.

No, I only think the network stuff should be allowed to be compiled
away, not the other hooks (ipc and vfs).

We will work on this, and submit a network patch that is able to be
compiled away.

BTW, is the existing security value in struct skbuff used for anything?
I see where it is set to zero, and then copied a few times, but never
set.  Am I missing something?

thanks,

greg k-h

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[David S. Miller]

   From: Greg KH <greg@kroah.com>
   Date: Tue, 15 Oct 2002 13:12:09 -0700

   Those invocations also take up no measurable time :)
   
I simply don't care.  They take up space in my kernel.

   Yes, the size of the *.o files in the security directory can be shrunk a
   bit:
      text    data     bss     dec     hex filename
      6765     776       8    7549    1d7d built-in.o
      3280     392       4    3676     e5c capability.o
      1772     384       0    2156     86c dummy.o
      1713       0       4    1717     6b5 security.o
   
It's a whopping 32K on sparc64, and that is only counting
the security/*.o objects.

Have you added up the text taken up comparing having
the security_ops->foo() stuff there and having it removed
in the rest of the entire tree?

Have you considered the different register and stack
allocations and code generations differences that occur
because this nop function call invocation is there?

It is not FREE, it has overhead, and this is a fact.

I'm so surprised the embedded people aren't all over
this.  If I was an embedded person, CONFIG_SECURITY=n
would be one of the top things on my list.

   > You must allow the user to config this stuff out of their tree.
   
   No, I only think the network stuff should be allowed to be compiled
   away, not the other hooks (ipc and vfs).
   
I totally disagree, CONFIG_SECURITY=n is mandatory.

If you don't work on this change, then I will get someone
else to do it.

I will not even look at the networking LSM bits until
CONFIG_SECURITY=n is available.

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Greg KH]

On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> 
> I will not even look at the networking LSM bits until
> CONFIG_SECURITY=n is available.

Good enough reason for me, I'll start working on this.  Help from the
other LSM developers is appreciated :)

thanks,

greg k-h

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[David S. Miller]

   From: Greg KH <greg@kroah.com>
   Date: Tue, 15 Oct 2002 13:28:28 -0700

   Good enough reason for me, I'll start working on this.  Help from the
   other LSM developers is appreciated :)
   
Thank you. :-)

[RFC] change format of LSM hooks

[Greg KH]

On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > 
> > I will not even look at the networking LSM bits until
> > CONFIG_SECURITY=n is available.
> 
> Good enough reason for me, I'll start working on this.  Help from the
> other LSM developers is appreciated :)

Ok, this wasn't that tough...

Here's a first cut at what will need to be changed.  It's a patch
against Linus's latest BK tree.  I only converted one hook (the ptrace
one), and this will not link, but will build and gives people an idea of
where I'm heading.

David, does something like this look acceptable?

With it, and CONFIG_SECURITY=n the size of the security/*.o files are
now:
   text    data     bss     dec     hex filename
    138       0       0     138      8a security/built-in.o

which I hope are a bit more to your liking :)
I still need an empty sys_security stub in order to link properly,
that's the only function needed.  The extra #includes are needed as
some files were getting security.h picked up from shed.h in the past.

I'll work on fixing up the rest of the hooks, and removing the external
reference to security_ops, and actually test this thing, later this
evening.

thanks,

greg k-h

diff -Naur -X ../dontdiff bleeding_edge-2.5/arch/i386/kernel/ptrace.c lsm-2.5/arch/i386/kernel/ptrace.c
--- bleeding_edge-2.5/arch/i386/kernel/ptrace.c	Tue Oct 15 16:47:14 2002
+++ lsm-2.5/arch/i386/kernel/ptrace.c	Tue Oct 15 16:41:44 2002
@@ -160,8 +160,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
diff -Naur -X ../dontdiff bleeding_edge-2.5/drivers/base/fs/class.c lsm-2.5/drivers/base/fs/class.c
--- bleeding_edge-2.5/drivers/base/fs/class.c	Tue Oct 15 16:47:37 2002
+++ lsm-2.5/drivers/base/fs/class.c	Tue Oct 15 16:13:11 2002
@@ -7,6 +7,8 @@
 #include <linux/init.h>
 #include <linux/slab.h>
 #include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
 #include "fs.h"
 
 static struct driver_dir_entry class_dir;
diff -Naur -X ../dontdiff bleeding_edge-2.5/drivers/base/fs/intf.c lsm-2.5/drivers/base/fs/intf.c
--- bleeding_edge-2.5/drivers/base/fs/intf.c	Tue Oct 15 16:47:37 2002
+++ lsm-2.5/drivers/base/fs/intf.c	Tue Oct 15 16:14:27 2002
@@ -4,6 +4,8 @@
 
 #include <linux/device.h>
 #include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
 #include "fs.h"
 
 /**
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/exec.c lsm-2.5/fs/exec.c
--- bleeding_edge-2.5/fs/exec.c	Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/exec.c	Tue Oct 15 16:09:05 2002
@@ -43,6 +43,7 @@
 #include <linux/namei.h>
 #include <linux/proc_fs.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgalloc.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/locks.c lsm-2.5/fs/locks.c
--- bleeding_edge-2.5/fs/locks.c	Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/locks.c	Tue Oct 15 16:10:52 2002
@@ -122,6 +122,7 @@
 #include <linux/timer.h>
 #include <linux/time.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/semaphore.h>
 #include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/namespace.c lsm-2.5/fs/namespace.c
--- bleeding_edge-2.5/fs/namespace.c	Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/namespace.c	Tue Oct 15 16:12:00 2002
@@ -19,6 +19,7 @@
 #include <linux/seq_file.h>
 #include <linux/namespace.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/proc/base.c lsm-2.5/fs/proc/base.c
--- bleeding_edge-2.5/fs/proc/base.c	Tue Oct 15 16:48:26 2002
+++ lsm-2.5/fs/proc/base.c	Tue Oct 15 16:21:45 2002
@@ -28,6 +28,7 @@
 #include <linux/namespace.h>
 #include <linux/mm.h>
 #include <linux/smp_lock.h>
+#include <linux/security.h>
 
 /*
  * For hysterical raisins we keep the same inumbers as in the old procfs.
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/readdir.c lsm-2.5/fs/readdir.c
--- bleeding_edge-2.5/fs/readdir.c	Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/readdir.c	Tue Oct 15 16:09:51 2002
@@ -11,6 +11,7 @@
 #include <linux/file.h>
 #include <linux/smp_lock.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/xattr.c lsm-2.5/fs/xattr.c
--- bleeding_edge-2.5/fs/xattr.c	Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/xattr.c	Tue Oct 15 16:13:59 2002
@@ -13,6 +13,7 @@
 #include <linux/file.h>
 #include <linux/xattr.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 /*
diff -Naur -X ../dontdiff bleeding_edge-2.5/include/linux/sched.h lsm-2.5/include/linux/sched.h
--- bleeding_edge-2.5/include/linux/sched.h	Tue Oct 15 16:48:49 2002
+++ lsm-2.5/include/linux/sched.h	Tue Oct 15 15:59:24 2002
@@ -600,9 +600,11 @@
 		       unsigned long, const char *, void *);
 extern void free_irq(unsigned int, void *);
 
+
+#ifdef CONFIG_SECURITY
 /* capable prototype and code moved to security.[hc] */
 #include <linux/security.h>
-#if 0
+#else
 static inline int capable(int cap)
 {
 	if (cap_raised(current->cap_effective, cap)) {
@@ -611,7 +613,7 @@
 	}
 	return 0;
 }
-#endif	/* if 0 */
+#endif
 
 /*
  * Routines for handling mm_structs
diff -Naur -X ../dontdiff bleeding_edge-2.5/include/linux/security.h lsm-2.5/include/linux/security.h
--- bleeding_edge-2.5/include/linux/security.h	Wed Oct  9 08:51:48 2002
+++ lsm-2.5/include/linux/security.h	Tue Oct 15 16:40:09 2002
@@ -22,8 +22,6 @@
 #ifndef __LINUX_SECURITY_H
 #define __LINUX_SECURITY_H
 
-#ifdef __KERNEL__
-
 #include <linux/fs.h>
 #include <linux/binfmts.h>
 #include <linux/signal.h>
@@ -33,6 +31,7 @@
 #include <linux/shm.h>
 #include <linux/msg.h>
 
+
 /*
  * Values used in the task_security_ops calls
  */
@@ -848,6 +847,16 @@
 	                            struct security_operations *ops);
 };
 
+#ifdef CONFIG_SECURITY
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+	return security_ops->ptrace (parent, child);
+}
 
 /* prototypes */
 extern int security_scaffolding_startup	(void);
@@ -857,11 +866,17 @@
 extern int mod_unreg_security	(const char *name, struct security_operations *ops);
 extern int capable		(int cap);
 
-/* global variables */
+
+#endif /* CONFIG_SECURITY */
+
+static inline int security_scaffolding_startup (void) { return 0; }
 extern struct security_operations *security_ops;
 
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+	return 0;
+}
 
-#endif /* __KERNEL__ */
 
 #endif /* ! __LINUX_SECURITY_H */
 
diff -Naur -X ../dontdiff bleeding_edge-2.5/init/do_mounts.c lsm-2.5/init/do_mounts.c
--- bleeding_edge-2.5/init/do_mounts.c	Mon Oct  7 13:46:56 2002
+++ lsm-2.5/init/do_mounts.c	Tue Oct 15 16:05:18 2002
@@ -12,6 +12,7 @@
 #include <linux/init.h>
 #include <linux/suspend.h>
 #include <linux/root_dev.h>
+#include <linux/security.h>
 
 #include <linux/nfs_fs.h>
 #include <linux/nfs_fs_sb.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/capability.c lsm-2.5/kernel/capability.c
--- bleeding_edge-2.5/kernel/capability.c	Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/capability.c	Tue Oct 15 16:08:08 2002
@@ -8,6 +8,7 @@
  */ 
 
 #include <linux/mm.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/kmod.c lsm-2.5/kernel/kmod.c
--- bleeding_edge-2.5/kernel/kmod.c	Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/kmod.c	Tue Oct 15 16:10:50 2002
@@ -29,6 +29,7 @@
 #include <linux/completion.h>
 #include <linux/file.h>
 #include <linux/workqueue.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/ptrace.c lsm-2.5/kernel/ptrace.c
--- bleeding_edge-2.5/kernel/ptrace.c	Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/ptrace.c	Tue Oct 15 16:09:07 2002
@@ -14,6 +14,7 @@
 #include <linux/pagemap.h>
 #include <linux/smp_lock.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/signal.c lsm-2.5/kernel/signal.c
--- bleeding_edge-2.5/kernel/signal.c	Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/signal.c	Tue Oct 15 16:09:55 2002
@@ -18,6 +18,7 @@
 #include <linux/fs.h>
 #include <linux/tty.h>
 #include <linux/binfmts.h>
+#include <linux/security.h>
 #include <asm/param.h>
 #include <asm/uaccess.h>
 #include <asm/siginfo.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/Config.in lsm-2.5/security/Config.in
--- bleeding_edge-2.5/security/Config.in	Tue Oct 15 16:49:00 2002
+++ lsm-2.5/security/Config.in	Tue Oct 15 15:41:13 2002
@@ -3,5 +3,8 @@
 #
 mainmenu_option next_comment
 comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+   dep_tristate '  Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
 endmenu
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/Makefile lsm-2.5/security/Makefile
--- bleeding_edge-2.5/security/Makefile	Tue Oct 15 16:49:00 2002
+++ lsm-2.5/security/Makefile	Tue Oct 15 16:34:21 2002
@@ -6,8 +6,8 @@
 export-objs	:= security.o
 
 # Object file lists
-obj-y		:= security.o dummy.o
-
+obj-y					+= sys_security.o
+obj-$(CONFIG_SECURITY)			+= security.o dummy.o
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= capability.o
 
 include $(TOPDIR)/Rules.make
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/sys_security.c lsm-2.5/security/sys_security.c
--- bleeding_edge-2.5/security/sys_security.c	Wed Dec 31 16:00:00 1969
+++ lsm-2.5/security/sys_security.c	Tue Oct 15 16:34:03 2002
@@ -0,0 +1,45 @@
+/*
+ * Security plug functions
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+
+/**
+ * sys_security - security syscall multiplexor.
+ * @id: module id
+ * @call: call identifier
+ * @args: arg list for call
+ *
+ * Similar to sys_socketcall.  Can use id to help identify which module user
+ * app is talking to.  The recommended convention for creating the
+ * hexadecimal id value is:
+ * 'echo "Name_of_module" | md5sum | cut -c -8'.
+ * By following this convention, there's no need for a central registry.
+ */
+#ifdef CONFIG_SECURITY
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+			      unsigned long *args)
+{
+	return security_ops->sys_security (id, call, args);
+}
+#else
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+			      unsigned long *args)
+{
+	return -ENOSYS;
+}
+#endif
+

Re: [RFC] change format of LSM hooks

[David S. Miller]

   From: Greg KH <greg@kroah.com>
   Date: Tue, 15 Oct 2002 17:07:06 -0700

   David, does something like this look acceptable?
   
Yes.

   which I hope are a bit more to your liking :)

It is :-)

   The extra #includes are needed as some files were getting
   security.h picked up from shed.h in the past.
   
Ok, I was about to ask about that.

Franks a lot,
David S. Miller
davem@redhat.com

Re: [RFC] change format of LSM hooks

[Greg KH]

On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> 
> I'll work on fixing up the rest of the hooks, and removing the external
> reference to security_ops, and actually test this thing, later this
> evening.

Here's all the hooks converted over to function calls.  Chris Wright
pointed out I need to do some extra work with the existing capabilities
hooks, but I'll do that in the morning.

Thanks to John Levon for pointing out cond_syscall() to me, very cool
function.  That removes the need to have a sys_security.c file.

Patch is against 2.5.43, and builds for me, both with and without
CONFIG_SECURITY set.  Haven't booted it yet though...

thanks,

greg k-h


===== arch/arm/kernel/ptrace.c 1.14 vs edited =====
--- 1.14/arch/arm/kernel/ptrace.c	Sun Oct 13 07:32:28 2002
+++ edited/arch/arm/kernel/ptrace.c	Wed Oct 16 00:46:07 2002
@@ -719,8 +719,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/i386/kernel/ptrace.c 1.13 vs edited =====
--- 1.13/arch/i386/kernel/ptrace.c	Fri Jul 19 16:00:55 2002
+++ edited/arch/i386/kernel/ptrace.c	Tue Oct 15 22:24:45 2002
@@ -160,8 +160,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ia64/kernel/ptrace.c 1.12 vs edited =====
--- 1.12/arch/ia64/kernel/ptrace.c	Tue Sep 17 23:22:09 2002
+++ edited/arch/ia64/kernel/ptrace.c	Wed Oct 16 00:45:53 2002
@@ -1101,8 +1101,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		current->ptrace |= PT_PTRACED;
 		ret = 0;
===== arch/ppc/kernel/ptrace.c 1.10 vs edited =====
--- 1.10/arch/ppc/kernel/ptrace.c	Sun Sep 15 21:51:59 2002
+++ edited/arch/ppc/kernel/ptrace.c	Wed Oct 16 00:45:41 2002
@@ -166,8 +166,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace.c 1.3 vs edited =====
--- 1.3/arch/ppc64/kernel/ptrace.c	Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace.c	Wed Oct 16 00:45:16 2002
@@ -59,8 +59,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace32.c 1.5 vs edited =====
--- 1.5/arch/ppc64/kernel/ptrace32.c	Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace32.c	Wed Oct 16 00:45:29 2002
@@ -48,8 +48,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/sys_ppc32.c 1.24 vs edited =====
--- 1.24/arch/ppc64/kernel/sys_ppc32.c	Fri Oct 11 19:04:17 2002
+++ edited/arch/ppc64/kernel/sys_ppc32.c	Wed Oct 16 00:15:31 2002
@@ -53,6 +53,7 @@
 #include <linux/mman.h>
 #include <linux/sysctl.h>
 #include <linux/binfmts.h>
+#include <linux/security.h>
 
 #include <asm/types.h>
 #include <asm/ipc.h>
@@ -3519,8 +3520,7 @@
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	retval = security_ops->bprm_alloc_security(&bprm);
-	if (retval) 
+	if ((retval = security_bprm_alloc(&bprm)))
 		goto out;
 
 	retval = prepare_binprm(&bprm);
@@ -3543,7 +3543,7 @@
 	retval = search_binary_handler(&bprm,regs);
 	if (retval >= 0) {
 		/* execve success */
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 		return retval;
 	}
 
@@ -3556,7 +3556,7 @@
 	}
 
 	if (bprm.security)
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 
 out_mm:
 	mmdrop(bprm.mm);
===== arch/s390/kernel/ptrace.c 1.9 vs edited =====
--- 1.9/arch/s390/kernel/ptrace.c	Fri Oct  4 09:16:18 2002
+++ edited/arch/s390/kernel/ptrace.c	Wed Oct 16 00:44:51 2002
@@ -330,8 +330,7 @@
 		ret = -EPERM;
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/s390x/kernel/ptrace.c 1.8 vs edited =====
--- 1.8/arch/s390x/kernel/ptrace.c	Fri Oct  4 09:16:18 2002
+++ edited/arch/s390x/kernel/ptrace.c	Wed Oct 16 00:44:40 2002
@@ -32,6 +32,7 @@
 #include <linux/errno.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
+#include <linux/security.h>
 
 #include <asm/segment.h>
 #include <asm/page.h>
@@ -568,8 +569,7 @@
 		ret = -EPERM;
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/sparc/kernel/ptrace.c 1.11 vs edited =====
--- 1.11/arch/sparc/kernel/ptrace.c	Sat Aug 24 04:08:41 2002
+++ edited/arch/sparc/kernel/ptrace.c	Wed Oct 16 00:44:06 2002
@@ -291,8 +291,7 @@
 			pt_error_return(regs, EPERM);
 			goto out;
 		}
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret) {
+		if ((ret = security_ptrace(current->parent, current))) {
 			pt_error_return(regs, -ret);
 			goto out;
 		}
===== arch/sparc64/kernel/ptrace.c 1.16 vs edited =====
--- 1.16/arch/sparc64/kernel/ptrace.c	Sat Aug 24 03:59:14 2002
+++ edited/arch/sparc64/kernel/ptrace.c	Wed Oct 16 00:43:53 2002
@@ -140,8 +140,7 @@
 			pt_error_return(regs, EPERM);
 			goto out;
 		}
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret) {
+		if ((ret = security_ptrace(current->parent, current))) {
 			pt_error_return(regs, -ret);
 			goto out;
 		}
===== arch/sparc64/kernel/sys_sparc32.c 1.39 vs edited =====
--- 1.39/arch/sparc64/kernel/sys_sparc32.c	Mon Oct 14 05:17:46 2002
+++ edited/arch/sparc64/kernel/sys_sparc32.c	Wed Oct 16 00:14:27 2002
@@ -2972,8 +2972,7 @@
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	retval = security_ops->bprm_alloc_security(&bprm);
-	if (retval) 
+	if ((retval = security_bprm_alloc(&bprm)))
 		goto out;
 
 	retval = prepare_binprm(&bprm);
@@ -2996,7 +2995,7 @@
 	retval = search_binary_handler(&bprm, regs);
 	if (retval >= 0) {
 		/* execve success */
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 		return retval;
 	}
 
@@ -3009,7 +3008,7 @@
 	}
 
 	if (bprm.security)
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 
 out_mm:
 	mmdrop(bprm.mm);
===== arch/um/kernel/ptrace.c 1.1 vs edited =====
--- 1.1/arch/um/kernel/ptrace.c	Fri Sep  6 10:50:31 2002
+++ edited/arch/um/kernel/ptrace.c	Wed Oct 16 00:43:41 2002
@@ -33,8 +33,7 @@
 		if (current->ptrace & PT_PTRACED)
 			goto out;
 
-		ret = security_ops->ptrace(current->parent, current);
-		if(ret)
+		if ((ret = security_ptrace(current->parent, current)))
  			goto out;
 
 		/* set the ptrace bit in the process flags. */
===== arch/x86_64/kernel/ptrace.c 1.4 vs edited =====
--- 1.4/arch/x86_64/kernel/ptrace.c	Fri Oct 11 16:52:38 2002
+++ edited/arch/x86_64/kernel/ptrace.c	Wed Oct 16 00:43:30 2002
@@ -178,8 +178,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== drivers/base/fs/class.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/class.c	Mon Aug 26 08:39:22 2002
+++ edited/drivers/base/fs/class.c	Tue Oct 15 22:24:45 2002
@@ -7,6 +7,8 @@
 #include <linux/init.h>
 #include <linux/slab.h>
 #include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
 #include "fs.h"
 
 static struct driver_dir_entry class_dir;
===== drivers/base/fs/intf.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/intf.c	Mon Aug 26 09:24:18 2002
+++ edited/drivers/base/fs/intf.c	Tue Oct 15 22:24:45 2002
@@ -4,6 +4,8 @@
 
 #include <linux/device.h>
 #include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
 #include "fs.h"
 
 /**
===== fs/attr.c 1.10 vs edited =====
--- 1.10/fs/attr.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/attr.c	Tue Oct 15 23:50:23 2002
@@ -153,13 +153,12 @@
 	}
 
 	if (inode->i_op && inode->i_op->setattr) {
-		error = security_ops->inode_setattr(dentry, attr);
-		if (!error)
+		if (!(error = security_inode_setattr(dentry, attr)))
 			error = inode->i_op->setattr(dentry, attr);
 	} else {
 		error = inode_change_ok(inode, attr);
 		if (!error)
-			error = security_ops->inode_setattr(dentry, attr);
+			error = security_inode_setattr(dentry, attr);
 		if (!error) {
 			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
===== fs/dquot.c 1.48 vs edited =====
--- 1.48/fs/dquot.c	Sun Oct 13 08:39:23 2002
+++ edited/fs/dquot.c	Tue Oct 15 22:55:27 2002
@@ -69,6 +69,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/proc_fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -1305,8 +1306,7 @@
 	error = -EIO;
 	if (!f->f_op || !f->f_op->read || !f->f_op->write)
 		goto out_f;
-	error = security_ops->quota_on(f);
-	if (error)
+	if ((error = security_quota_on(f)))
 		goto out_f;
 	inode = f->f_dentry->d_inode;
 	error = -EACCES;
===== fs/exec.c 1.51 vs edited =====
--- 1.51/fs/exec.c	Sun Oct 13 09:32:22 2002
+++ edited/fs/exec.c	Tue Oct 15 23:03:20 2002
@@ -43,6 +43,7 @@
 #include <linux/namei.h>
 #include <linux/proc_fs.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgalloc.h>
@@ -818,8 +819,7 @@
 	}
 
 	/* fill in binprm security blob */
-	retval = security_ops->bprm_set_security(bprm);
-	if (retval)
+	if ((retval = security_bprm_set(bprm)))
 		return retval;
 
 	memset(bprm->buf,0,BINPRM_BUF_SIZE);
@@ -867,7 +867,7 @@
 	if(do_unlock)
 		unlock_kernel();
 
-	security_ops->bprm_compute_creds(bprm);
+	security_bprm_compute_creds(bprm);
 }
 
 void remove_arg_zero(struct linux_binprm *bprm)
@@ -936,8 +936,7 @@
 	    }
 	}
 #endif
-	retval = security_ops->bprm_check_security(bprm);
-	if (retval) 
+	if ((retval = security_bprm_check(bprm)))
 		return retval;
 
 	/* kernel module loader fixup */
@@ -1033,8 +1032,7 @@
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	retval = security_ops->bprm_alloc_security(&bprm);
-	if (retval) 
+	if ((retval = security_bprm_alloc(&bprm)))
 		goto out;
 
 	retval = prepare_binprm(&bprm);
@@ -1057,7 +1055,7 @@
 	retval = search_binary_handler(&bprm,regs);
 	if (retval >= 0) {
 		/* execve success */
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 		return retval;
 	}
 
@@ -1070,7 +1068,7 @@
 	}
 
 	if (bprm.security)
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 
 out_mm:
 	mmdrop(bprm.mm);
===== fs/fcntl.c 1.20 vs edited =====
--- 1.20/fs/fcntl.c	Sun Oct 13 08:39:40 2002
+++ edited/fs/fcntl.c	Wed Oct 16 00:04:50 2002
@@ -274,8 +274,7 @@
 {
 	int err;
 	
-	err = security_ops->file_set_fowner(filp);
-	if (err)
+	if ((err = security_file_set_fowner(filp)))
 		return err;
 
 	f_modown(filp, arg, current->uid, current->euid, force);
@@ -368,8 +367,7 @@
 	if (!filp)
 		goto out;
 
-	err = security_ops->file_fcntl(filp, cmd, arg);
-	if (err) {
+	if ((err = security_file_fcntl(filp, cmd, arg))) {
 		fput(filp);
 		return err;
 	}
@@ -392,8 +390,7 @@
 	if (!filp)
 		goto out;
 
-	err = security_ops->file_fcntl(filp, cmd, arg);
-	if (err) {
+	if ((err = security_file_fcntl(filp, cmd, arg))) {
 		fput(filp);
 		return err;
 	}
@@ -444,7 +441,7 @@
 	if (!sigio_perm(p, fown))
 		return;
 
-	if (security_ops->file_send_sigiotask(p, fown, fd, reason))
+	if (security_file_send_sigiotask(p, fown, fd, reason))
 		return;
 
 	switch (fown->signum) {
===== fs/file_table.c 1.13 vs edited =====
--- 1.13/fs/file_table.c	Sun Oct 13 08:39:40 2002
+++ edited/fs/file_table.c	Wed Oct 16 00:04:27 2002
@@ -46,7 +46,7 @@
 		files_stat.nr_free_files--;
 	new_one:
 		memset(f, 0, sizeof(*f));
-		if (security_ops->file_alloc_security(f)) {
+		if (security_file_alloc(f)) {
 			list_add(&f->f_list, &free_list);
 			files_stat.nr_free_files++;
 			file_list_unlock();
@@ -127,7 +127,7 @@
 
 	if (file->f_op && file->f_op->release)
 		file->f_op->release(inode, file);
-	security_ops->file_free_security(file);
+	security_file_free(file);
 	fops_put(file->f_op);
 	if (file->f_mode & FMODE_WRITE)
 		put_write_access(inode);
@@ -160,7 +160,7 @@
 void put_filp(struct file *file)
 {
 	if(atomic_dec_and_test(&file->f_count)) {
-		security_ops->file_free_security(file);
+		security_file_free(file);
 		file_list_lock();
 		list_del(&file->f_list);
 		list_add(&file->f_list, &free_list);
===== fs/inode.c 1.74 vs edited =====
--- 1.74/fs/inode.c	Sun Oct 13 08:39:23 2002
+++ edited/fs/inode.c	Tue Oct 15 23:49:49 2002
@@ -120,7 +120,7 @@
 		inode->i_bdev = NULL;
 		inode->i_cdev = NULL;
 		inode->i_security = NULL;
-		if (security_ops->inode_alloc_security(inode)) {
+		if (security_inode_alloc(inode)) {
 			if (inode->i_sb->s_op->destroy_inode)
 				inode->i_sb->s_op->destroy_inode(inode);
 			else
@@ -146,7 +146,7 @@
 {
 	if (inode_has_buffers(inode))
 		BUG();
-	security_ops->inode_free_security(inode);
+	security_inode_free(inode);
 	if (inode->i_sb->s_op->destroy_inode) {
 		inode->i_sb->s_op->destroy_inode(inode);
 	} else {
@@ -922,7 +922,7 @@
 	if (inode->i_data.nrpages)
 		truncate_inode_pages(&inode->i_data, 0);
 
-	security_ops->inode_delete(inode);
+	security_inode_delete(inode);
 
 	if (op && op->delete_inode) {
 		void (*delete)(struct inode *) = op->delete_inode;
===== fs/ioctl.c 1.5 vs edited =====
--- 1.5/fs/ioctl.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/ioctl.c	Wed Oct 16 00:06:16 2002
@@ -59,8 +59,7 @@
 		goto out;
 	error = 0;
 
-	error = security_ops->file_ioctl(filp, cmd, arg);
-        if (error) {
+	if ((error = security_file_ioctl(filp, cmd, arg))) {
                 fput(filp);
                 goto out;
         }
===== fs/locks.c 1.30 vs edited =====
--- 1.30/fs/locks.c	Thu Sep 26 10:36:16 2002
+++ edited/fs/locks.c	Wed Oct 16 00:06:00 2002
@@ -122,6 +122,7 @@
 #include <linux/timer.h>
 #include <linux/time.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/semaphore.h>
 #include <asm/uaccess.h>
@@ -1170,8 +1171,7 @@
 		return -EACCES;
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
-	error = security_ops->file_lock(filp, arg);
-	if (error)
+	if ((error = security_file_lock(filp, arg)))
 		return error;
 
 	lock_kernel();
@@ -1284,8 +1284,7 @@
 	if (error)
 		goto out_putf;
 
-	error = security_ops->file_lock(filp, cmd);
-	if (error)
+	if ((error = security_file_lock(filp, cmd)))
 		goto out_free;
 
 	for (;;) {
@@ -1434,8 +1433,7 @@
 		goto out;
 	}
 
-	error = security_ops->file_lock(filp, file_lock->fl_type);
-	if (error)
+	if ((error = security_file_lock(filp, file_lock->fl_type)))
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {
@@ -1574,8 +1572,7 @@
 		goto out;
 	}
 
-	error = security_ops->file_lock(filp, file_lock->fl_type);
-	if (error)
+	if ((error = security_file_lock(filp, file_lock->fl_type)))
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {
===== fs/namei.c 1.56 vs edited =====
--- 1.56/fs/namei.c	Tue Sep 17 12:52:27 2002
+++ edited/fs/namei.c	Tue Oct 15 23:47:28 2002
@@ -218,7 +218,7 @@
 	if (retval)
 		return retval;
 
-	return security_ops->inode_permission(inode, mask);
+	return security_inode_permission(inode, mask);
 }
 
 /*
@@ -340,7 +340,7 @@
 
 	return -EACCES;
 ok:
-	return security_ops->inode_permission_lite(inode, MAY_EXEC);
+	return security_inode_permission_lite(inode, MAY_EXEC);
 }
 
 /*
@@ -374,7 +374,7 @@
 				dput(dentry);
 			else {
 				result = dentry;
-				security_ops->inode_post_lookup(dir, result);
+				security_inode_post_lookup(dir, result);
 			}
 		}
 		up(&dir->i_sem);
@@ -413,8 +413,7 @@
 		current->state = TASK_RUNNING;
 		schedule();
 	}
-	err = security_ops->inode_follow_link(dentry, nd);
-	if (err)
+	if ((err = security_inode_follow_link(dentry, nd)))
 		goto loop;
 	current->link_count++;
 	current->total_link_count++;
@@ -918,7 +917,7 @@
 		dentry = inode->i_op->lookup(inode, new);
 		if (!dentry) {
 			dentry = new;
-			security_ops->inode_post_lookup(inode, dentry);
+			security_inode_post_lookup(inode, dentry);
 		} else
 			dput(new);
 	}
@@ -1125,14 +1124,13 @@
 		return -EACCES;	/* shouldn't it be ENOSYS? */
 	mode &= S_IALLUGO;
 	mode |= S_IFREG;
-	error = security_ops->inode_create(dir, dentry, mode);
-	if (error)
+	if ((error = security_inode_create(dir, dentry, mode)))
 		return error;
 	DQUOT_INIT(dir);
 	error = dir->i_op->create(dir, dentry, mode);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_create(dir, dentry, mode);
+		security_inode_post_create(dir, dentry, mode);
 	}
 	return error;
 }
@@ -1344,8 +1342,7 @@
 	 * stored in nd->last.name and we will have to putname() it when we
 	 * are done. Procfs-like symlinks just set LAST_BIND.
 	 */
-	error = security_ops->inode_follow_link(dentry, nd);
-	if (error)
+	if ((error = security_inode_follow_link(dentry, nd)))
 		goto exit_dput;
 	UPDATE_ATIME(dentry->d_inode);
 	error = dentry->d_inode->i_op->follow_link(dentry, nd);
@@ -1410,15 +1407,14 @@
 	if (!dir->i_op || !dir->i_op->mknod)
 		return -EPERM;
 
-	error = security_ops->inode_mknod(dir, dentry, mode, dev);
-	if (error)
+	if ((error = security_inode_mknod(dir, dentry, mode, dev)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->mknod(dir, dentry, mode, dev);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_mknod(dir, dentry, mode, dev);
+		security_inode_post_mknod(dir, dentry, mode, dev);
 	}
 	return error;
 }
@@ -1478,15 +1474,14 @@
 		return -EPERM;
 
 	mode &= (S_IRWXUGO|S_ISVTX);
-	error = security_ops->inode_mkdir(dir, dentry, mode);
-	if (error)
+	if ((error = security_inode_mkdir(dir, dentry, mode)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->mkdir(dir, dentry, mode);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_mkdir(dir,dentry, mode);
+		security_inode_post_mkdir(dir,dentry, mode);
 	}
 	return error;
 }
@@ -1570,8 +1565,7 @@
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_ops->inode_rmdir(dir, dentry);
-		if (!error) {
+		if (!(error = security_inode_rmdir(dir, dentry))) {
 			error = dir->i_op->rmdir(dir, dentry);
 			if (!error)
 				dentry->d_inode->i_flags |= S_DEAD;
@@ -1644,10 +1638,8 @@
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_ops->inode_unlink(dir, dentry);
-		if (!error) {
+		if (!(error = security_inode_unlink(dir, dentry)))
 			error = dir->i_op->unlink(dir, dentry);
-		}
 	}
 	up(&dentry->d_inode->i_sem);
 	if (!error) {
@@ -1709,15 +1701,14 @@
 	if (!dir->i_op || !dir->i_op->symlink)
 		return -EPERM;
 
-	error = security_ops->inode_symlink(dir, dentry, oldname);
-	if (error)
+	if ((error = security_inode_symlink(dir, dentry, oldname)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->symlink(dir, dentry, oldname);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_symlink(dir, dentry, oldname);
+		security_inode_post_symlink(dir, dentry, oldname);
 	}
 	return error;
 }
@@ -1780,8 +1771,7 @@
 	if (S_ISDIR(old_dentry->d_inode->i_mode))
 		return -EPERM;
 
-	error = security_ops->inode_link(old_dentry, dir, new_dentry);
-	if (error)
+	if ((error = security_inode_link(old_dentry, dir, new_dentry)))
 		return error;
 
 	down(&old_dentry->d_inode->i_sem);
@@ -1790,7 +1780,7 @@
 	up(&old_dentry->d_inode->i_sem);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_link(old_dentry, dir, new_dentry);
+		security_inode_post_link(old_dentry, dir, new_dentry);
 	}
 	return error;
 }
@@ -1889,8 +1879,7 @@
 			return error;
 	}
 
-	error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-	if (error)
+	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
 		return error;
 
 	target = new_dentry->d_inode;
@@ -1912,8 +1901,8 @@
 	}
 	if (!error) {
 		d_move(old_dentry,new_dentry);
-		security_ops->inode_post_rename(old_dir, old_dentry,
-							new_dir, new_dentry);
+		security_inode_post_rename(old_dir, old_dentry,
+					   new_dir, new_dentry);
 	}
 	return error;
 }
@@ -1924,8 +1913,7 @@
 	struct inode *target;
 	int error;
 
-	error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-	if (error)
+	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
 		return error;
 
 	dget(new_dentry);
@@ -1940,7 +1928,7 @@
 		/* The following d_move() should become unconditional */
 		if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
 			d_move(old_dentry, new_dentry);
-		security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
+		security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
 	}
 	if (target)
 		up(&target->i_sem);
===== fs/namespace.c 1.29 vs edited =====
--- 1.29/fs/namespace.c	Tue Sep 17 12:52:27 2002
+++ edited/fs/namespace.c	Tue Oct 15 23:17:32 2002
@@ -19,6 +19,7 @@
 #include <linux/seq_file.h>
 #include <linux/namespace.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -288,8 +289,7 @@
 	struct super_block * sb = mnt->mnt_sb;
 	int retval = 0;
 
-	retval = security_ops->sb_umount(mnt, flags);
-	if (retval)
+	if ((retval = security_sb_umount(mnt, flags)))
 		return retval;
 
 	/*
@@ -341,7 +341,7 @@
 		DQUOT_OFF(sb);
 		acct_auto_close(sb);
 		unlock_kernel();
-		security_ops->sb_umount_close(mnt);
+		security_sb_umount_close(mnt);
 		spin_lock(&dcache_lock);
 	}
 	retval = -EBUSY;
@@ -352,7 +352,7 @@
 	}
 	spin_unlock(&dcache_lock);
 	if (retval)
-		security_ops->sb_umount_busy(mnt);
+		security_sb_umount_busy(mnt);
 	up_write(&current->namespace->sem);
 	return retval;
 }
@@ -470,8 +470,7 @@
 	if (IS_DEADDIR(nd->dentry->d_inode))
 		goto out_unlock;
 
-	err = security_ops->sb_check_sb(mnt, nd);
-	if (err)
+	if ((err = security_sb_check_sb(mnt, nd)))
 		goto out_unlock;
 
 	spin_lock(&dcache_lock);
@@ -487,7 +486,7 @@
 out_unlock:
 	up(&nd->dentry->d_inode->i_sem);
 	if (!err)
-		security_ops->sb_post_addmount(mnt, nd);
+		security_sb_post_addmount(mnt, nd);
 	return err;
 }
 
@@ -558,7 +557,7 @@
 		nd->mnt->mnt_flags=mnt_flags;
 	up_write(&sb->s_umount);
 	if (!err)
-		security_ops->sb_post_remount(nd->mnt, flags, data);
+		security_sb_post_remount(nd->mnt, flags, data);
 	return err;
 }
 
@@ -741,8 +740,7 @@
 	if (retval)
 		return retval;
 
-	retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page);
-	if (retval)
+	if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
 		goto dput_out;
 
 	if (flags & MS_REMOUNT)
@@ -939,8 +937,7 @@
 	if (error)
 		goto out1;
 
-	error = security_ops->sb_pivotroot(&old_nd, &new_nd);
-	if (error) {
+	if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
 		path_release(&old_nd);
 		goto out1;
 	}
@@ -989,7 +986,7 @@
 	attach_mnt(new_nd.mnt, &root_parent);
 	spin_unlock(&dcache_lock);
 	chroot_fs_refs(&user_nd, &new_nd);
-	security_ops->sb_post_pivotroot(&user_nd, &new_nd);
+	security_sb_post_pivotroot(&user_nd, &new_nd);
 	error = 0;
 	path_release(&root_parent);
 	path_release(&parent_nd);
===== fs/open.c 1.28 vs edited =====
--- 1.28/fs/open.c	Sun Oct 13 08:39:40 2002
+++ edited/fs/open.c	Tue Oct 15 23:19:46 2002
@@ -30,8 +30,7 @@
 		retval = -ENOSYS;
 		if (sb->s_op && sb->s_op->statfs) {
 			memset(buf, 0, sizeof(struct statfs));
-			retval = security_ops->sb_statfs(sb);
-			if (retval)
+			if ((retval = security_sb_statfs(sb)))
 				return retval;
 			retval = sb->s_op->statfs(sb, buf);
 		}
===== fs/quota.c 1.8 vs edited =====
--- 1.8/fs/quota.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/quota.c	Tue Oct 15 22:54:46 2002
@@ -98,7 +98,7 @@
 		if (!capable(CAP_SYS_ADMIN))
 			return -EPERM;
 
-	return security_ops->quotactl (cmd, type, id, sb);
+	return security_quotactl (cmd, type, id, sb);
 }
 
 /* Resolve device pathname to superblock */
===== fs/read_write.c 1.19 vs edited =====
--- 1.19/fs/read_write.c	Thu Oct 10 14:36:26 2002
+++ edited/fs/read_write.c	Wed Oct 16 00:08:14 2002
@@ -121,8 +121,7 @@
 	if (!file)
 		goto bad;
 
-	retval = security_ops->file_llseek(file);
-	if (retval) {
+	if ((retval = security_file_llseek(file))) {
 		fput(file);
 		goto bad;
 	}
@@ -153,8 +152,7 @@
 	if (!file)
 		goto bad;
 
-	retval = security_ops->file_llseek(file);
-	if (retval)
+	if ((retval = security_file_llseek(file)))
 		goto out_putf;
 
 	retval = -EINVAL;
@@ -203,8 +201,7 @@
 
 	ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
 	if (!ret) {
-		ret = security_ops->file_permission (file, MAY_READ);
-		if (!ret) {
+		if (!(ret = security_file_permission (file, MAY_READ))) {
 			if (file->f_op->read)
 				ret = file->f_op->read(file, buf, count, pos);
 			else
@@ -243,8 +240,7 @@
 
 	ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
 	if (!ret) {
-		ret = security_ops->file_permission (file, MAY_WRITE);
-		if (!ret) {
+		if (!(ret = security_file_permission (file, MAY_WRITE))) {
 			if (file->f_op->write)
 				ret = file->f_op->write(file, buf, count, pos);
 			else
@@ -475,8 +471,7 @@
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_READ) &&
 	    (file->f_op->readv || file->f_op->read)) {
-		ret = security_ops->file_permission (file, MAY_READ);
-		if (!ret)
+		if (!(ret = security_file_permission (file, MAY_READ)))
 			ret = do_readv_writev(READ, file, vector, nr_segs);
 	}
 	fput(file);
@@ -498,8 +493,7 @@
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_WRITE) &&
 	    (file->f_op->writev || file->f_op->write)) {
-		ret = security_ops->file_permission (file, MAY_WRITE);
-		if (!ret)
+		if (!(ret = security_file_permission (file, MAY_WRITE)))
 			ret = do_readv_writev(WRITE, file, vector, nr_segs);
 	}
 	fput(file);
===== fs/readdir.c 1.9 vs edited =====
--- 1.9/fs/readdir.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/readdir.c	Wed Oct 16 00:06:40 2002
@@ -11,6 +11,7 @@
 #include <linux/file.h>
 #include <linux/smp_lock.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -21,8 +22,7 @@
 	if (!file->f_op || !file->f_op->readdir)
 		goto out;
 
-	res = security_ops->file_permission(file, MAY_READ);
-	if (res)
+	if ((res = security_file_permission(file, MAY_READ)))
 		goto out;
 
 	down(&inode->i_sem);
===== fs/stat.c 1.13 vs edited =====
--- 1.13/fs/stat.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/stat.c	Tue Oct 15 23:49:19 2002
@@ -39,8 +39,7 @@
 	struct inode *inode = dentry->d_inode;
 	int retval;
 
-	retval = security_ops->inode_getattr(mnt, dentry);
-	if (retval)
+	if ((retval = security_inode_getattr(mnt, dentry)))
 		return retval;
 
 	if (inode->i_op->getattr)
@@ -238,8 +237,7 @@
 
 		error = -EINVAL;
 		if (inode->i_op && inode->i_op->readlink) {
-			error = security_ops->inode_readlink(nd.dentry);
-			if (!error) {
+			if (!(error = security_inode_readlink(nd.dentry))) {
 				UPDATE_ATIME(inode);
 				error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
 			}
===== fs/super.c 1.83 vs edited =====
--- 1.83/fs/super.c	Mon Sep  9 14:00:57 2002
+++ edited/fs/super.c	Tue Oct 15 23:18:44 2002
@@ -29,9 +29,9 @@
 #include <linux/quotaops.h>
 #include <linux/namei.h>
 #include <linux/buffer_head.h>		/* for fsync_super() */
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
-#include <linux/security.h>
 
 void get_filesystem(struct file_system_type *fs);
 void put_filesystem(struct file_system_type *fs);
@@ -51,7 +51,7 @@
 	struct super_block *s = kmalloc(sizeof(struct super_block),  GFP_USER);
 	if (s) {
 		memset(s, 0, sizeof(struct super_block));
-		if (security_ops->sb_alloc_security(s)) {
+		if (security_sb_alloc(s)) {
 			kfree(s);
 			s = NULL;
 			goto out;
@@ -85,7 +85,7 @@
  */
 static inline void destroy_super(struct super_block *s)
 {
-	security_ops->sb_free_security(s);
+	security_sb_free(s);
 	kfree(s);
 }
 
===== fs/xattr.c 1.7 vs edited =====
--- 1.7/fs/xattr.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/xattr.c	Tue Oct 15 23:51:34 2002
@@ -13,6 +13,7 @@
 #include <linux/file.h>
 #include <linux/xattr.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 /*
@@ -85,9 +86,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
-		error = security_ops->inode_setxattr(d, kname, kvalue,
-				size, flags);
-		if (error)
+		if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
@@ -163,8 +162,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
-		error = security_ops->inode_getxattr(d, kname);
-		if (error)
+		if ((error = security_inode_getxattr(d, kname)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
@@ -236,8 +234,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
-		error = security_ops->inode_listxattr(d);
-		if (error)
+		if ((error = security_inode_listxattr(d)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->listxattr(d, klist, size);
@@ -311,8 +308,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
-		error = security_ops->inode_removexattr(d, kname);
-		if (error)
+		if ((error = security_inode_removexattr(d, kname)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->removexattr(d, kname);
===== fs/proc/base.c 1.31 vs edited =====
--- 1.31/fs/proc/base.c	Sat Sep 28 08:36:29 2002
+++ edited/fs/proc/base.c	Tue Oct 15 23:22:02 2002
@@ -28,6 +28,7 @@
 #include <linux/namespace.h>
 #include <linux/mm.h>
 #include <linux/smp_lock.h>
+#include <linux/security.h>
 
 /*
  * For hysterical raisins we keep the same inumbers as in the old procfs.
@@ -394,7 +395,7 @@
 };
 
 #define MAY_PTRACE(p) \
-(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
+(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
 
 
 static int mem_open(struct inode* inode, struct file* file)
===== include/linux/sched.h 1.107 vs edited =====
--- 1.107/include/linux/sched.h	Tue Oct 15 15:32:40 2002
+++ edited/include/linux/sched.h	Tue Oct 15 22:24:46 2002
@@ -596,9 +596,11 @@
 		       unsigned long, const char *, void *);
 extern void free_irq(unsigned int, void *);
 
+
+#ifdef CONFIG_SECURITY
 /* capable prototype and code moved to security.[hc] */
 #include <linux/security.h>
-#if 0
+#else
 static inline int capable(int cap)
 {
 	if (cap_raised(current->cap_effective, cap)) {
@@ -607,7 +609,7 @@
 	}
 	return 0;
 }
-#endif	/* if 0 */
+#endif
 
 /*
  * Routines for handling mm_structs
===== include/linux/security.h 1.4 vs edited =====
--- 1.4/include/linux/security.h	Tue Oct  8 02:20:18 2002
+++ edited/include/linux/security.h	Wed Oct 16 01:03:50 2002
@@ -22,8 +22,6 @@
 #ifndef __LINUX_SECURITY_H
 #define __LINUX_SECURITY_H
 
-#ifdef __KERNEL__
-
 #include <linux/fs.h>
 #include <linux/binfmts.h>
 #include <linux/signal.h>
@@ -33,6 +31,7 @@
 #include <linux/shm.h>
 #include <linux/msg.h>
 
+
 /*
  * Values used in the task_security_ops calls
  */
@@ -848,6 +847,533 @@
 	                            struct security_operations *ops);
 };
 
+#ifdef CONFIG_SECURITY
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+	return security_ops->ptrace (parent, child);
+}
+
+static inline int security_capget (struct task_struct *target,
+				   kernel_cap_t *effective,
+				   kernel_cap_t *inheritable,
+				   kernel_cap_t *permitted)
+{
+	return security_ops->capget (target, effective, inheritable, permitted);
+}
+
+static inline int security_capset_check (struct task_struct *target,
+					 kernel_cap_t *effective,
+					 kernel_cap_t *inheritable,
+					 kernel_cap_t *permitted)
+{
+	return security_ops->capset_check (target, effective, inheritable, permitted);
+}
+
+static inline void security_capset_set (struct task_struct *target,
+					kernel_cap_t *effective,
+					kernel_cap_t *inheritable,
+					kernel_cap_t *permitted)
+{
+	security_ops->capset_set (target, effective, inheritable, permitted);
+}
+
+static inline int security_acct (struct file *file)
+{
+	return security_ops->acct (file);
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+				     struct super_block *sb)
+{
+	return security_ops->quotactl (cmds, type, id, sb);
+}
+
+static inline int security_quota_on (struct file * file)
+{
+	return security_ops->quota_on (file);
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+	return security_ops->bprm_alloc_security (bprm);
+}
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{
+	security_ops->bprm_free_security (bprm);
+}
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{
+	security_ops->bprm_compute_creds (bprm);
+}
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+	return security_ops->bprm_set_security (bprm);
+}
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+	return security_ops->bprm_check_security (bprm);
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+	return security_ops->sb_alloc_security (sb);
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{
+	security_ops->sb_free_security (sb);
+}
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+	return security_ops->sb_statfs (sb);
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+				    char *type, unsigned long flags,
+				    void *data)
+{
+	return security_ops->sb_mount (dev_name, nd, type, flags, data);
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+					struct nameidata *nd)
+{
+	return security_ops->sb_check_sb (mnt, nd);
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+	return security_ops->sb_umount (mnt, flags);
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{
+	security_ops->sb_umount_close (mnt);
+}
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{
+	security_ops->sb_umount_busy (mnt);
+}
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+					     unsigned long flags, void *data)
+{
+	security_ops->sb_post_remount (mnt, flags, data);
+}
+
+static inline void security_sb_post_mountroot (void)
+{
+	security_ops->sb_post_mountroot ();
+}
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+					      struct nameidata *mountpoint_nd)
+{
+	security_ops->sb_post_addmount (mnt, mountpoint_nd);
+}
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+					 struct nameidata *new_nd)
+{
+	return security_ops->sb_pivotroot (old_nd, new_nd);
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+					       struct nameidata *new_nd)
+{
+	security_ops->sb_post_pivotroot (old_nd, new_nd);
+}
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+	return security_ops->inode_alloc_security (inode);
+}
+
+static inline void security_inode_free (struct inode *inode)
+{
+	security_ops->inode_free_security (inode);
+}
+	
+static inline int security_inode_create (struct inode *dir,
+					 struct dentry *dentry,
+					 int mode)
+{
+	return security_ops->inode_create (dir, dentry, mode);
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+					       struct dentry *dentry,
+					       int mode)
+{
+	security_ops->inode_post_create (dir, dentry, mode);
+}
+
+static inline int security_inode_link (struct dentry *old_dentry,
+				       struct inode *dir,
+				       struct dentry *new_dentry)
+{
+	return security_ops->inode_link (old_dentry, dir, new_dentry);
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+					     struct inode *dir,
+					     struct dentry *new_dentry)
+{
+	security_ops->inode_post_link (old_dentry, dir, new_dentry);
+}
+
+static inline int security_inode_unlink (struct inode *dir,
+					 struct dentry *dentry)
+{
+	return security_ops->inode_unlink (dir, dentry);
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+					  struct dentry *dentry,
+					  const char *old_name)
+{
+	return security_ops->inode_symlink (dir, dentry, old_name);
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+						struct dentry *dentry,
+						const char *old_name)
+{
+	security_ops->inode_post_symlink (dir, dentry, old_name);
+}
+
+static inline int security_inode_mkdir (struct inode *dir,
+					struct dentry *dentry,
+					int mode)
+{
+	return security_ops->inode_mkdir (dir, dentry, mode);
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode)
+{
+	security_ops->inode_post_mkdir (dir, dentry, mode);
+}
+
+static inline int security_inode_rmdir (struct inode *dir,
+					struct dentry *dentry)
+{
+	return security_ops->inode_rmdir (dir, dentry);
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+					struct dentry *dentry,
+					int mode, dev_t dev)
+{
+	return security_ops->inode_mknod (dir, dentry, mode, dev);
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode, dev_t dev)
+{
+	security_ops->inode_post_mknod (dir, dentry, mode, dev);
+}
+
+static inline int security_inode_rename (struct inode *old_dir,
+					 struct dentry *old_dentry,
+					 struct inode *new_dir,
+					 struct dentry *new_dentry)
+{
+	return security_ops->inode_rename (old_dir, old_dentry,
+					   new_dir, new_dentry);
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+					       struct dentry *old_dentry,
+					       struct inode *new_dir,
+					       struct dentry *new_dentry)
+{
+	security_ops->inode_post_rename (old_dir, old_dentry,
+						new_dir, new_dentry);
+}
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+	return security_ops->inode_readlink (dentry);
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+					      struct nameidata *nd)
+{
+	return security_ops->inode_follow_link (dentry, nd);
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+	return security_ops->inode_permission (inode, mask);
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+						  int mask)
+{
+	return security_ops->inode_permission_lite (inode, mask);
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+					  struct iattr *attr)
+{
+	return security_ops->inode_setattr (dentry, attr);
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+					  struct dentry *dentry)
+{
+	return security_ops->inode_getattr (mnt, dentry);
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+					       struct dentry *dentry)
+{
+	security_ops->inode_post_lookup (inode, dentry);
+}
+
+static inline void security_inode_delete (struct inode *inode)
+{
+	security_ops->inode_delete (inode);
+}
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+					   void *value, size_t size, int flags)
+{
+	return security_ops->inode_setxattr (dentry, name, value, size, flags);
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return security_ops->inode_getxattr (dentry, name);
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+	return security_ops->inode_listxattr (dentry);
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return security_ops->inode_removexattr (dentry, name);
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+	return security_ops->file_permission (file, mask);
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+	return security_ops->file_alloc_security (file);
+}
+
+static inline void security_file_free (struct file *file)
+{
+	security_ops->file_free_security (file);
+}
+
+static inline int security_file_llseek (struct file *file)
+{
+	return security_ops->file_llseek (file);
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return security_ops->file_ioctl (file, cmd, arg);
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+				      unsigned long flags)
+{
+	return security_ops->file_mmap (file, prot, flags);
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+					  unsigned long prot)
+{
+	return security_ops->file_mprotect (vma, prot);
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+	return security_ops->file_lock (file, cmd);
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return security_ops->file_fcntl (file, cmd, arg);
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+	return security_ops->file_set_fowner (file);
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+						struct fown_struct *fown,
+						int fd, int reason)
+{
+	return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
+}
+
+static inline int security_file_receive (struct file *file)
+{
+	return security_ops->file_receive (file);
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+	return security_ops->task_create (clone_flags);
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+	return security_ops->task_alloc_security (p);
+}
+
+static inline void security_task_free (struct task_struct *p)
+{
+	security_ops->task_free_security (p);
+}
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+					int flags)
+{
+	return security_ops->task_setuid (id0, id1, id2, flags);
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+					     uid_t old_suid, int flags)
+{
+	return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+					int flags)
+{
+	return security_ops->task_setgid (id0, id1, id2, flags);
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return security_ops->task_setpgid (p, pgid);
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+	return security_ops->task_getpgid (p);
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+	return security_ops->task_getsid (p);
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+	return security_ops->task_setgroups (gidsetsize, grouplist);
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+	return security_ops->task_setnice (p, nice);
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+					   struct rlimit *new_rlim)
+{
+	return security_ops->task_setrlimit (resource, new_rlim);
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+					      int policy,
+					      struct sched_param *lp)
+{
+	return security_ops->task_setscheduler (p, policy, lp);
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+	return security_ops->task_getscheduler (p);
+}
+
+static inline int security_task_kill (struct task_struct *p,
+				      struct siginfo *info, int sig)
+{
+	return security_ops->task_kill (p, info, sig);
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+	return security_ops->task_wait (p);
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+				       unsigned long arg3,
+				       unsigned long arg4,
+				       unsigned long arg5)
+{
+	return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
+}
+
+static inline void security_task_kmod_set_label (void)
+{
+	security_ops->task_kmod_set_label ();
+}
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{
+	security_ops->task_reparent_to_init (p);
+}
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+					   short flag)
+{
+	return security_ops->ipc_permission (ipcp, flag);
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+	return security_ops->msg_queue_alloc_security (msq);
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{
+	security_ops->msg_queue_free_security (msq);
+}
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+	return security_ops->shm_alloc_security (shp);
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{
+	security_ops->shm_free_security (shp);
+}
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+	return security_ops->sem_alloc_security (sma);
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{
+	security_ops->sem_free_security (sma);
+}
+
 
 /* prototypes */
 extern int security_scaffolding_startup	(void);
@@ -857,11 +1383,481 @@
 extern int mod_unreg_security	(const char *name, struct security_operations *ops);
 extern int capable		(int cap);
 
-/* global variables */
-extern struct security_operations *security_ops;
 
+#else /* CONFIG_SECURITY */
+
+static inline int security_scaffolding_startup (void) { return 0; }
+
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+	return 0;
+}
+
+static inline int security_capget (struct task_struct *target,
+				   kernel_cap_t *effective,
+				   kernel_cap_t *inheritable,
+				   kernel_cap_t *permitted)
+{
+	return 0;
+}
+
+static inline int security_capset_check (struct task_struct *target,
+					 kernel_cap_t *effective,
+					 kernel_cap_t *inheritable,
+					 kernel_cap_t *permitted)
+{
+	return 0;
+}
+
+static inline void security_capset_set (struct task_struct *target,
+					kernel_cap_t *effective,
+					kernel_cap_t *inheritable,
+					kernel_cap_t *permitted)
+{ }
+
+static inline int security_acct (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+				     struct super_block * sb)
+{
+	return 0;
+}
+
+static inline int security_quota_on (struct file * file)
+{
+	return 0;
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+	return 0;
+}
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{ }
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{ }
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+	return 0;
+}
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+	return 0;
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{ }
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+	return 0;
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+				    char *type, unsigned long flags,
+				    void *data)
+{
+	return 0;
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+					struct nameidata *nd)
+{
+	return 0;
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+	return 0;
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+					     unsigned long flags, void *data)
+{ }
+
+static inline void security_sb_post_mountroot (void)
+{ }
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+					      struct nameidata *mountpoint_nd)
+{ }
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+					 struct nameidata *new_nd)
+{
+	return 0;
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+					       struct nameidata *new_nd)
+{ }
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+	return 0;
+}
+
+static inline void security_inode_free (struct inode *inode)
+{ }
+	
+static inline int security_inode_create (struct inode *dir,
+					 struct dentry *dentry,
+					 int mode)
+{
+	return 0;
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+					       struct dentry *dentry,
+					       int mode)
+{ }
+
+static inline int security_inode_link (struct dentry *old_dentry,
+				       struct inode *dir,
+				       struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+					     struct inode *dir,
+					     struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_unlink (struct inode *dir,
+					 struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+					  struct dentry *dentry,
+					  const char *old_name)
+{
+	return 0;
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+						struct dentry *dentry,
+						const char *old_name)
+{ }
+
+static inline int security_inode_mkdir (struct inode *dir,
+					struct dentry *dentry,
+					int mode)
+{
+	return 0;
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode)
+{ }
+
+static inline int security_inode_rmdir (struct inode *dir,
+					struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+					struct dentry *dentry,
+					int mode, dev_t dev)
+{
+	return 0;
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode, dev_t dev)
+{ }
+
+static inline int security_inode_rename (struct inode *old_dir,
+					 struct dentry *old_dentry,
+					 struct inode *new_dir,
+					 struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+					       struct dentry *old_dentry,
+					       struct inode *new_dir,
+					       struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+					      struct nameidata *nd)
+{
+	return 0;
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+	return 0;
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+						  int mask)
+{
+	return 0;
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+					  struct iattr *attr)
+{
+	return 0;
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+					  struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+					       struct dentry *dentry)
+{ }
+
+static inline void security_inode_delete (struct inode *inode)
+{ }
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+					   void *value, size_t size, int flags)
+{
+	return 0;
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+	return 0;
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+	return 0;
+}
+
+static inline void security_file_free (struct file *file)
+{ }
+
+static inline int security_file_llseek (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return 0;
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+				      unsigned long flags)
+{
+	return 0;
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+					  unsigned long prot)
+{
+	return 0;
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+	return 0;
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return 0;
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+						struct fown_struct *fown,
+						int fd, int reason)
+{
+	return 0;
+}
+
+static inline int security_file_receive (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+	return 0;
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline void security_task_free (struct task_struct *p)
+{ }
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+					int flags)
+{
+	return 0;
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+					     uid_t old_suid, int flags)
+{
+	return 0;
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+					int flags)
+{
+	return 0;
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return 0;
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+	return 0;
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+	return 0;
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+					   struct rlimit *new_rlim)
+{
+	return 0;
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+					      int policy,
+					      struct sched_param *lp)
+{
+	return 0;
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_kill (struct task_struct *p,
+				      struct siginfo *info, int sig)
+{
+	return 0;
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+				       unsigned long arg3,
+				       unsigned long arg4,
+				       unsigned long arg5)
+{
+	return 0;
+}
+
+static inline void security_task_kmod_set_label (void)
+{ }
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{ }
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+					   short flag)
+{
+	return 0;
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+	return 0;
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{ }
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+	return 0;
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{ }
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+	return 0;
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{ }
+
+
+#endif	/* CONFIG_SECURITY */
 
-#endif /* __KERNEL__ */
 
 #endif /* ! __LINUX_SECURITY_H */
 
===== init/do_mounts.c 1.25 vs edited =====
--- 1.25/init/do_mounts.c	Fri Oct  4 13:51:37 2002
+++ edited/init/do_mounts.c	Wed Oct 16 00:36:15 2002
@@ -12,6 +12,7 @@
 #include <linux/init.h>
 #include <linux/suspend.h>
 #include <linux/root_dev.h>
+#include <linux/security.h>
 
 #include <linux/nfs_fs.h>
 #include <linux/nfs_fs_sb.h>
@@ -799,7 +800,7 @@
 	sys_umount("/dev", 0);
 	sys_mount(".", "/", NULL, MS_MOVE, NULL);
 	sys_chroot(".");
-	security_ops->sb_post_mountroot();
+	security_sb_post_mountroot();
 	mount_devfs_fs ();
 }
 
===== ipc/msg.c 1.7 vs edited =====
--- 1.7/ipc/msg.c	Tue Oct  8 02:20:42 2002
+++ edited/ipc/msg.c	Wed Oct 16 00:37:48 2002
@@ -101,15 +101,14 @@
 	msq->q_perm.key = key;
 
 	msq->q_perm.security = NULL;
-	retval = security_ops->msg_queue_alloc_security(msq);
-	if (retval) {
+	if ((retval = security_msg_queue_alloc(msq))) {
 		kfree(msq);
 		return retval;
 	}
 
 	id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
 	if(id == -1) {
-		security_ops->msg_queue_free_security(msq);
+		security_msg_queue_free(msq);
 		kfree(msq);
 		return -ENOSPC;
 	}
@@ -281,7 +280,7 @@
 		free_msg(msg);
 	}
 	atomic_sub(msq->q_cbytes, &msg_bytes);
-	security_ops->msg_queue_free_security(msq);
+	security_msg_queue_free(msq);
 	kfree(msq);
 }
 
===== ipc/sem.c 1.12 vs edited =====
--- 1.12/ipc/sem.c	Tue Oct  8 02:20:46 2002
+++ edited/ipc/sem.c	Wed Oct 16 00:38:28 2002
@@ -136,15 +136,14 @@
 	sma->sem_perm.key = key;
 
 	sma->sem_perm.security = NULL;
-	retval = security_ops->sem_alloc_security(sma);
-	if (retval) {
+	if ((retval = security_sem_alloc(sma))) {
 		ipc_free(sma, size);
 		return retval;
 	}
 
 	id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
 	if(id == -1) {
-		security_ops->sem_free_security(sma);
+		security_sem_free(sma);
 		ipc_free(sma, size);
 		return -ENOSPC;
 	}
@@ -427,7 +426,7 @@
 
 	used_sems -= sma->sem_nsems;
 	size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
-	security_ops->sem_free_security(sma);
+	security_sem_free(sma);
 	ipc_free(sma, size);
 }
 
===== ipc/shm.c 1.18 vs edited =====
--- 1.18/ipc/shm.c	Tue Oct  8 02:29:20 2002
+++ edited/ipc/shm.c	Wed Oct 16 00:39:00 2002
@@ -116,7 +116,7 @@
 	shm_unlock(shp->id);
 	shmem_lock(shp->shm_file, 0);
 	fput (shp->shm_file);
-	security_ops->shm_free_security(shp);
+	security_shm_free(shp);
 	kfree (shp);
 }
 
@@ -188,8 +188,7 @@
 	shp->shm_flags = (shmflg & S_IRWXUGO);
 
 	shp->shm_perm.security = NULL;
-	error = security_ops->shm_alloc_security(shp);
-	if (error) {
+	if ((error = security_shm_alloc(shp))) {
 		kfree(shp);
 		return error;
 	}
@@ -222,7 +221,7 @@
 no_id:
 	fput(file);
 no_file:
-	security_ops->shm_free_security(shp);
+	security_shm_free(shp);
 	kfree(shp);
 	return error;
 }
===== ipc/util.c 1.6 vs edited =====
--- 1.6/ipc/util.c	Tue Oct  8 02:01:30 2002
+++ edited/ipc/util.c	Wed Oct 16 00:39:12 2002
@@ -264,7 +264,7 @@
 	    !capable(CAP_IPC_OWNER))
 		return -1;
 
-	return security_ops->ipc_permission(ipcp, flag);
+	return security_ipc_permission(ipcp, flag);
 }
 
 /*
===== kernel/acct.c 1.12 vs edited =====
--- 1.12/kernel/acct.c	Mon Jul 22 03:12:48 2002
+++ edited/kernel/acct.c	Tue Oct 15 22:53:28 2002
@@ -49,6 +49,7 @@
 #include <linux/acct.h>
 #include <linux/file.h>
 #include <linux/tty.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 /*
@@ -222,8 +223,7 @@
 		}
 	}
 
-	error = security_ops->acct(file);
-	if (error)
+	if ((error = security_acct(file)))
 		return error;
 
 	spin_lock(&acct_globals.lock);
===== kernel/capability.c 1.6 vs edited =====
--- 1.6/kernel/capability.c	Sat Sep 14 06:18:49 2002
+++ edited/kernel/capability.c	Tue Oct 15 22:34:12 2002
@@ -8,6 +8,7 @@
  */ 
 
 #include <linux/mm.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -63,7 +64,7 @@
      data.permitted = cap_t(target->cap_permitted);
      data.inheritable = cap_t(target->cap_inheritable); 
      data.effective = cap_t(target->cap_effective);
-     ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
+     ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
 
 out:
      read_unlock(&tasklist_lock); 
@@ -88,7 +89,7 @@
      do_each_thread(g, target) {
              if (target->pgrp != pgrp)
                      continue;
-	     security_ops->capset_set(target, effective, inheritable, permitted);
+	     security_capset_set(target, effective, inheritable, permitted);
      } while_each_thread(g, target);
 }
 
@@ -105,7 +106,7 @@
      do_each_thread(g, target) {
              if (target == current || target->pid == 1)
                      continue;
-	     security_ops->capset_set(target, effective, inheritable, permitted);
+	     security_capset_set(target, effective, inheritable, permitted);
      } while_each_thread(g, target);
 }
 
@@ -163,7 +164,7 @@
 
      ret = -EPERM;
 
-     if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
+     if (security_capset_check(target, &effective, &inheritable, &permitted))
 	     goto out;
 
      if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
@@ -190,7 +191,7 @@
              else            /* all procs in process group */
                      cap_set_pg(-pid, &effective, &inheritable, &permitted);
      } else {
-	     security_ops->capset_set(target, &effective, &inheritable, &permitted);
+	     security_capset_set(target, &effective, &inheritable, &permitted);
      }
 
 out:
===== kernel/exit.c 1.72 vs edited =====
--- 1.72/kernel/exit.c	Tue Oct 15 15:08:06 2002
+++ edited/kernel/exit.c	Wed Oct 16 00:35:10 2002
@@ -67,7 +67,7 @@
 		wait_task_inactive(p);
 
 	atomic_dec(&p->user->processes);
-	security_ops->task_free_security(p);
+	security_task_free(p);
 	free_uid(p->user);
 	write_lock_irq(&tasklist_lock);
 	if (unlikely(p->ptrace))
@@ -248,7 +248,7 @@
 	/* cpus_allowed? */
 	/* rt_priority? */
 	/* signals? */
-	security_ops->task_reparent_to_init(current);
+	security_task_reparent_to_init(current);
 	memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
 	current->user = INIT_USER;
 
@@ -774,7 +774,7 @@
 	if (current->tgid != p->tgid && delay_group_leader(p))
 		return 2;
 
-	if (security_ops->task_wait(p))
+	if (security_task_wait(p))
 		return 0;
 
 	return 1;
===== kernel/fork.c 1.87 vs edited =====
--- 1.87/kernel/fork.c	Mon Oct  7 15:17:19 2002
+++ edited/kernel/fork.c	Wed Oct 16 00:28:30 2002
@@ -682,8 +682,7 @@
 	if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
 		return ERR_PTR(-EINVAL);
 
-	retval = security_ops->task_create(clone_flags);
-	if (retval)
+	if ((retval = security_task_create(clone_flags)))
 		goto fork_out;
 
 	retval = -ENOMEM;
@@ -772,7 +771,7 @@
 	INIT_LIST_HEAD(&p->local_pages);
 
 	retval = -ENOMEM;
-	if (security_ops->task_alloc_security(p))
+	if (security_task_alloc(p))
 		goto bad_fork_cleanup;
 	/* copy all the process information */
 	if (copy_semundo(clone_flags, p))
@@ -922,7 +921,7 @@
 bad_fork_cleanup_semundo:
 	exit_semundo(p);
 bad_fork_cleanup_security:
-	security_ops->task_free_security(p);
+	security_task_free(p);
 bad_fork_cleanup:
 	if (p->pid > 0)
 		free_pidmap(p->pid);
===== kernel/kmod.c 1.15 vs edited =====
--- 1.15/kernel/kmod.c	Tue Oct  1 01:54:49 2002
+++ edited/kernel/kmod.c	Wed Oct 16 00:28:59 2002
@@ -29,6 +29,7 @@
 #include <linux/completion.h>
 #include <linux/file.h>
 #include <linux/workqueue.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -134,7 +135,7 @@
 	/* Give kmod all effective privileges.. */
 	curtask->euid = curtask->fsuid = 0;
 	curtask->egid = curtask->fsgid = 0;
-	security_ops->task_kmod_set_label();
+	security_task_kmod_set_label();
 
 	/* Allow execve args to be in kernel space. */
 	set_fs(KERNEL_DS);
===== kernel/ptrace.c 1.18 vs edited =====
--- 1.18/kernel/ptrace.c	Sun Sep 15 19:57:15 2002
+++ edited/kernel/ptrace.c	Wed Oct 16 00:11:10 2002
@@ -14,6 +14,7 @@
 #include <linux/pagemap.h>
 #include <linux/smp_lock.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
@@ -100,8 +101,7 @@
 	/* the same process cannot be attached many times */
 	if (task->ptrace & PT_PTRACED)
 		goto bad;
-	retval = security_ops->ptrace(current, task);
-	if (retval)
+	if ((retval = security_ptrace(current, task)))
 		goto bad;
 
 	/* Go */
===== kernel/sched.c 1.140 vs edited =====
--- 1.140/kernel/sched.c	Mon Oct 14 05:30:06 2002
+++ edited/kernel/sched.c	Wed Oct 16 00:29:50 2002
@@ -1329,8 +1329,7 @@
 	if (nice > 19)
 		nice = 19;
 
-	retval = security_ops->task_setnice(current, nice);
-	if (retval)
+	if ((retval = security_task_setnice(current, nice)))
 		return retval;
 
 	set_user_nice(current, nice);
@@ -1451,8 +1450,7 @@
 	    !capable(CAP_SYS_NICE))
 		goto out_unlock;
 
-	retval = security_ops->task_setscheduler(p, policy, &lp);
-	if (retval)
+	if ((retval = security_task_setscheduler(p, policy, &lp)))
 		goto out_unlock;
 
 	array = p->array;
@@ -1515,8 +1513,7 @@
 	read_lock(&tasklist_lock);
 	p = find_process_by_pid(pid);
 	if (p) {
-		retval = security_ops->task_getscheduler(p);
-		if (!retval)
+		if (!(retval = security_task_getscheduler(p)))
 			retval = p->policy;
 	}
 	read_unlock(&tasklist_lock);
@@ -1545,8 +1542,7 @@
 	if (!p)
 		goto out_unlock;
 
-	retval = security_ops->task_getscheduler(p);
-	if (retval)
+	if ((retval = security_task_getscheduler(p)))
 		goto out_unlock;
 
 	lp.sched_priority = p->rt_priority;
@@ -1778,8 +1774,7 @@
 	if (!p)
 		goto out_unlock;
 
-	retval = security_ops->task_getscheduler(p);
-	if (retval)
+	if ((retval = security_task_getscheduler(p)))
 		goto out_unlock;
 
 	jiffies_to_timespec(p->policy & SCHED_FIFO ?
===== kernel/signal.c 1.48 vs edited =====
--- 1.48/kernel/signal.c	Thu Oct  3 02:26:00 2002
+++ edited/kernel/signal.c	Wed Oct 16 00:30:19 2002
@@ -18,6 +18,7 @@
 #include <linux/fs.h>
 #include <linux/tty.h>
 #include <linux/binfmts.h>
+#include <linux/security.h>
 #include <asm/param.h>
 #include <asm/uaccess.h>
 #include <asm/siginfo.h>
@@ -706,8 +707,7 @@
 	ret = -EPERM;
 	if (bad_signal(sig, info, t))
 		goto out;
-	ret = security_ops->task_kill(t, info, sig);
-	if (ret)
+	if ((ret = security_task_kill(t, info, sig)))
 		goto out;
 
 	/* The null signal is a permissions and process existence probe.
===== kernel/sys.c 1.30 vs edited =====
--- 1.30/kernel/sys.c	Tue Oct 15 14:45:52 2002
+++ edited/kernel/sys.c	Wed Oct 16 00:33:50 2002
@@ -204,6 +204,7 @@
 cond_syscall(sys_quotactl)
 cond_syscall(sys_acct)
 cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_security)
 
 static int set_one_prio(struct task_struct *p, int niceval, int error)
 {
@@ -479,8 +480,7 @@
 	int new_egid = old_egid;
 	int retval;
 
-	retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
-	if (retval)
+	if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
 		return retval;
 
 	if (rgid != (gid_t) -1) {
@@ -525,8 +525,7 @@
 	int old_egid = current->egid;
 	int retval;
 
-	retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
-	if (retval)
+	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
 		return retval;
 
 	if (capable(CAP_SETGID))
@@ -599,8 +598,7 @@
 	int old_ruid, old_euid, old_suid, new_ruid, new_euid;
 	int retval;
 
-	retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
-	if (retval)
+	if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
 		return retval;
 
 	new_ruid = old_ruid = current->uid;
@@ -638,7 +636,7 @@
 		current->suid = current->euid;
 	current->fsuid = current->euid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
 }
 
 
@@ -660,8 +658,7 @@
 	int old_ruid, old_suid, new_ruid, new_suid;
 	int retval;
 
-	retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
-	if (retval)
+	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
 		return retval;
 
 	old_ruid = new_ruid = current->uid;
@@ -683,7 +680,7 @@
 	current->fsuid = current->euid = uid;
 	current->suid = new_suid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
 }
 
 
@@ -698,8 +695,7 @@
 	int old_suid = current->suid;
 	int retval;
 
-	retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
-	if (retval)
+	if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
 		return retval;
 
 	if (!capable(CAP_SETUID)) {
@@ -729,7 +725,7 @@
 	if (suid != (uid_t) -1)
 		current->suid = suid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
 }
 
 asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -750,8 +746,7 @@
 {
 	int retval;
 
-	retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
-	if (retval)
+	if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
 		return retval;
 
 	if (!capable(CAP_SETGID)) {
@@ -804,8 +799,7 @@
 	int old_fsuid;
 	int retval;
 
-	retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	old_fsuid = current->fsuid;
@@ -821,8 +815,7 @@
 		current->fsuid = uid;
 	}
 
-	retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	return old_fsuid;
@@ -836,8 +829,7 @@
 	int old_fsgid;
 	int retval;
 
-	retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	old_fsgid = current->fsgid;
@@ -962,8 +954,7 @@
 
 		retval = -ESRCH;
 		if (p) {
-			retval = security_ops->task_getpgid(p);
-			if (!retval)
+			if (!(retval = security_task_getpgid(p)))
 				retval = p->pgrp;
 		}
 		read_unlock(&tasklist_lock);
@@ -990,8 +981,7 @@
 
 		retval = -ESRCH;
 		if(p) {
-			retval = security_ops->task_getsid(p);
-			if (!retval)
+			if (!(retval = security_task_getsid(p)))
 				retval = p->session;
 		}
 		read_unlock(&tasklist_lock);
@@ -1072,8 +1062,7 @@
 		return -EINVAL;
 	if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
 		return -EFAULT;
-	retval = security_ops->task_setgroups(gidsetsize, groups);
-	if (retval)
+	if ((retval = security_task_setgroups(gidsetsize, groups)))
 		return retval;
 	memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
@@ -1236,8 +1225,7 @@
 			return -EPERM;
 	}
 
-	retval = security_ops->task_setrlimit(resource, &new_rlim);
-	if (retval)
+	if ((retval = security_task_setrlimit(resource, &new_rlim)))
 		return retval;
 
 	*old_rlim = new_rlim;
@@ -1311,8 +1299,7 @@
 	int error = 0;
 	int sig;
 
-	error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
-	if (error)
+	if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
 		return error;
 
 	switch (option) {
===== kernel/uid16.c 1.2 vs edited =====
--- 1.2/kernel/uid16.c	Fri Jul 19 16:00:55 2002
+++ edited/kernel/uid16.c	Wed Oct 16 00:30:43 2002
@@ -140,8 +140,7 @@
 		return -EFAULT;
 	for (i = 0 ; i < gidsetsize ; i++)
 		new_groups[i] = (gid_t)groups[i];
-	i = security_ops->task_setgroups(gidsetsize, new_groups);
-	if (i)
+	if ((i = security_task_setgroups(gidsetsize, new_groups)))
 		return i;
 	memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
===== mm/mmap.c 1.53 vs edited =====
--- 1.53/mm/mmap.c	Tue Oct 15 15:08:06 2002
+++ edited/mm/mmap.c	Wed Oct 16 00:36:48 2002
@@ -498,8 +498,7 @@
 		}
 	}
 
-	error = security_ops->file_mmap(file, prot, flags);
-	if (error)
+	if ((error = security_file_mmap(file, prot, flags)))
 		return error;
 		
 	/* Clear old maps */
===== mm/mprotect.c 1.19 vs edited =====
--- 1.19/mm/mprotect.c	Tue Oct  1 16:43:14 2002
+++ edited/mm/mprotect.c	Wed Oct 16 00:36:58 2002
@@ -262,8 +262,7 @@
 			goto out;
 		}
 
-		error = security_ops->file_mprotect(vma, prot);
-		if (error)
+		if ((error = security_file_mprotect(vma, prot)))
 			goto out;
 
 		if (vma->vm_end > end) {
===== net/core/scm.c 1.3 vs edited =====
--- 1.3/net/core/scm.c	Mon Jul 22 03:12:48 2002
+++ edited/net/core/scm.c	Wed Oct 16 00:41:37 2002
@@ -217,8 +217,7 @@
 	for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
 	{
 		int new_fd;
-		err = security_ops->file_receive(fp[i]);
-		if (err)
+		if ((err = security_file_receive(fp[i])))
 			break;
 		err = get_unused_fd();
 		if (err < 0)
===== net/decnet/af_decnet.c 1.18 vs edited =====
--- 1.18/net/decnet/af_decnet.c	Tue Oct  8 07:02:41 2002
+++ edited/net/decnet/af_decnet.c	Wed Oct 16 00:42:30 2002
@@ -113,6 +113,7 @@
 #include <linux/inet.h>
 #include <linux/route.h>
 #include <linux/netfilter.h>
+#include <linux/security.h>
 #include <net/sock.h>
 #include <net/tcp.h>
 #include <asm/system.h>
@@ -794,7 +795,7 @@
 	 * dn_prot_sock ? Would be nice if the capable call would go there
 	 * too.
 	 */
-	if (security_ops->dn_prot_sock(saddr) &&
+	if (security_dn_prot_sock(saddr) &&
 	    !capable(CAP_NET_BIND_SERVICE) || 
 	    saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
 		return -EACCES;
===== security/Config.in 1.3 vs edited =====
--- 1.3/security/Config.in	Sat Jul 20 12:05:09 2002
+++ edited/security/Config.in	Tue Oct 15 22:24:46 2002
@@ -3,5 +3,8 @@
 #
 mainmenu_option next_comment
 comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+   dep_tristate '  Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
 endmenu
===== security/Makefile 1.1 vs edited =====
--- 1.1/security/Makefile	Fri Jul 19 15:55:56 2002
+++ edited/security/Makefile	Tue Oct 15 22:26:19 2002
@@ -6,8 +6,7 @@
 export-objs	:= security.o
 
 # Object file lists
-obj-y		:= security.o dummy.o
-
+obj-$(CONFIG_SECURITY)			+= security.o dummy.o
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= capability.o
 
 include $(TOPDIR)/Rules.make

Re: [RFC] change format of LSM hooks

[Greg KH]

On Wed, Oct 16, 2002 at 01:15:40AM -0700, Greg KH wrote:
> On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> > 
> > I'll work on fixing up the rest of the hooks, and removing the external
> > reference to security_ops, and actually test this thing, later this
> > evening.
> 
> Here's all the hooks converted over to function calls.  Chris Wright
> pointed out I need to do some extra work with the existing capabilities
> hooks, but I'll do that in the morning.

Ok, here's a working version (I'm typing from it right now), with all of
the capability logic working again.  This does make the
security/built-in.o file this size with CONFIG_SECURITY=y

   text    data     bss     dec     hex filename
   1611       0       0    1611     64b security/built-in.o

But this is due to the code there being moved from other parts of the
kernel in the initial LSM merge, so there is no real increased code
size.

It's also now pretty easy to tweak things to drop capability support
alltogether, which should save the above space, and make the embedded
people happy.  If we ever end up with a CONFIG_REALLY_SMALL option, I'll
make those changes.

Could people please look this over and offer any comments?  I'm
especially interested in comments regarding the changes I've made to
security/Config.in, security/Makefile, include/linux/security.h and
security/capability.c.  Again, this is against 2.5.43.

If no one has any problems with this, I'll send it on to Linus later
this evening.

thanks,

greg k-h

===== arch/arm/kernel/ptrace.c 1.14 vs edited =====
--- 1.14/arch/arm/kernel/ptrace.c	Sun Oct 13 07:32:28 2002
+++ edited/arch/arm/kernel/ptrace.c	Wed Oct 16 00:46:07 2002
@@ -719,8 +719,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/i386/kernel/ptrace.c 1.13 vs edited =====
--- 1.13/arch/i386/kernel/ptrace.c	Fri Jul 19 16:00:55 2002
+++ edited/arch/i386/kernel/ptrace.c	Tue Oct 15 22:24:45 2002
@@ -160,8 +160,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ia64/kernel/ptrace.c 1.12 vs edited =====
--- 1.12/arch/ia64/kernel/ptrace.c	Tue Sep 17 23:22:09 2002
+++ edited/arch/ia64/kernel/ptrace.c	Wed Oct 16 00:45:53 2002
@@ -1101,8 +1101,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		current->ptrace |= PT_PTRACED;
 		ret = 0;
===== arch/ppc/kernel/ptrace.c 1.10 vs edited =====
--- 1.10/arch/ppc/kernel/ptrace.c	Sun Sep 15 21:51:59 2002
+++ edited/arch/ppc/kernel/ptrace.c	Wed Oct 16 00:45:41 2002
@@ -166,8 +166,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace.c 1.3 vs edited =====
--- 1.3/arch/ppc64/kernel/ptrace.c	Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace.c	Wed Oct 16 00:45:16 2002
@@ -59,8 +59,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace32.c 1.5 vs edited =====
--- 1.5/arch/ppc64/kernel/ptrace32.c	Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace32.c	Wed Oct 16 00:45:29 2002
@@ -48,8 +48,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/sys_ppc32.c 1.24 vs edited =====
--- 1.24/arch/ppc64/kernel/sys_ppc32.c	Fri Oct 11 19:04:17 2002
+++ edited/arch/ppc64/kernel/sys_ppc32.c	Wed Oct 16 00:15:31 2002
@@ -53,6 +53,7 @@
 #include <linux/mman.h>
 #include <linux/sysctl.h>
 #include <linux/binfmts.h>
+#include <linux/security.h>
 
 #include <asm/types.h>
 #include <asm/ipc.h>
@@ -3519,8 +3520,7 @@
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	retval = security_ops->bprm_alloc_security(&bprm);
-	if (retval) 
+	if ((retval = security_bprm_alloc(&bprm)))
 		goto out;
 
 	retval = prepare_binprm(&bprm);
@@ -3543,7 +3543,7 @@
 	retval = search_binary_handler(&bprm,regs);
 	if (retval >= 0) {
 		/* execve success */
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 		return retval;
 	}
 
@@ -3556,7 +3556,7 @@
 	}
 
 	if (bprm.security)
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 
 out_mm:
 	mmdrop(bprm.mm);
===== arch/s390/kernel/ptrace.c 1.9 vs edited =====
--- 1.9/arch/s390/kernel/ptrace.c	Fri Oct  4 09:16:18 2002
+++ edited/arch/s390/kernel/ptrace.c	Wed Oct 16 00:44:51 2002
@@ -330,8 +330,7 @@
 		ret = -EPERM;
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/s390x/kernel/ptrace.c 1.8 vs edited =====
--- 1.8/arch/s390x/kernel/ptrace.c	Fri Oct  4 09:16:18 2002
+++ edited/arch/s390x/kernel/ptrace.c	Wed Oct 16 00:44:40 2002
@@ -32,6 +32,7 @@
 #include <linux/errno.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
+#include <linux/security.h>
 
 #include <asm/segment.h>
 #include <asm/page.h>
@@ -568,8 +569,7 @@
 		ret = -EPERM;
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== arch/sparc/kernel/ptrace.c 1.11 vs edited =====
--- 1.11/arch/sparc/kernel/ptrace.c	Sat Aug 24 04:08:41 2002
+++ edited/arch/sparc/kernel/ptrace.c	Wed Oct 16 00:44:06 2002
@@ -291,8 +291,7 @@
 			pt_error_return(regs, EPERM);
 			goto out;
 		}
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret) {
+		if ((ret = security_ptrace(current->parent, current))) {
 			pt_error_return(regs, -ret);
 			goto out;
 		}
===== arch/sparc64/kernel/ptrace.c 1.16 vs edited =====
--- 1.16/arch/sparc64/kernel/ptrace.c	Sat Aug 24 03:59:14 2002
+++ edited/arch/sparc64/kernel/ptrace.c	Wed Oct 16 00:43:53 2002
@@ -140,8 +140,7 @@
 			pt_error_return(regs, EPERM);
 			goto out;
 		}
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret) {
+		if ((ret = security_ptrace(current->parent, current))) {
 			pt_error_return(regs, -ret);
 			goto out;
 		}
===== arch/sparc64/kernel/sys_sparc32.c 1.39 vs edited =====
--- 1.39/arch/sparc64/kernel/sys_sparc32.c	Mon Oct 14 05:17:46 2002
+++ edited/arch/sparc64/kernel/sys_sparc32.c	Wed Oct 16 00:14:27 2002
@@ -2972,8 +2972,7 @@
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	retval = security_ops->bprm_alloc_security(&bprm);
-	if (retval) 
+	if ((retval = security_bprm_alloc(&bprm)))
 		goto out;
 
 	retval = prepare_binprm(&bprm);
@@ -2996,7 +2995,7 @@
 	retval = search_binary_handler(&bprm, regs);
 	if (retval >= 0) {
 		/* execve success */
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 		return retval;
 	}
 
@@ -3009,7 +3008,7 @@
 	}
 
 	if (bprm.security)
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 
 out_mm:
 	mmdrop(bprm.mm);
===== arch/um/kernel/ptrace.c 1.1 vs edited =====
--- 1.1/arch/um/kernel/ptrace.c	Fri Sep  6 10:50:31 2002
+++ edited/arch/um/kernel/ptrace.c	Wed Oct 16 00:43:41 2002
@@ -33,8 +33,7 @@
 		if (current->ptrace & PT_PTRACED)
 			goto out;
 
-		ret = security_ops->ptrace(current->parent, current);
-		if(ret)
+		if ((ret = security_ptrace(current->parent, current)))
  			goto out;
 
 		/* set the ptrace bit in the process flags. */
===== arch/x86_64/kernel/ptrace.c 1.4 vs edited =====
--- 1.4/arch/x86_64/kernel/ptrace.c	Fri Oct 11 16:52:38 2002
+++ edited/arch/x86_64/kernel/ptrace.c	Wed Oct 16 00:43:30 2002
@@ -178,8 +178,7 @@
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		ret = security_ops->ptrace(current->parent, current);
-		if (ret)
+		if ((ret = security_ptrace(current->parent, current)))
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
===== drivers/base/fs/class.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/class.c	Mon Aug 26 08:39:22 2002
+++ edited/drivers/base/fs/class.c	Tue Oct 15 22:24:45 2002
@@ -7,6 +7,8 @@
 #include <linux/init.h>
 #include <linux/slab.h>
 #include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
 #include "fs.h"
 
 static struct driver_dir_entry class_dir;
===== drivers/base/fs/intf.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/intf.c	Mon Aug 26 09:24:18 2002
+++ edited/drivers/base/fs/intf.c	Tue Oct 15 22:24:45 2002
@@ -4,6 +4,8 @@
 
 #include <linux/device.h>
 #include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
 #include "fs.h"
 
 /**
===== fs/attr.c 1.10 vs edited =====
--- 1.10/fs/attr.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/attr.c	Tue Oct 15 23:50:23 2002
@@ -153,13 +153,12 @@
 	}
 
 	if (inode->i_op && inode->i_op->setattr) {
-		error = security_ops->inode_setattr(dentry, attr);
-		if (!error)
+		if (!(error = security_inode_setattr(dentry, attr)))
 			error = inode->i_op->setattr(dentry, attr);
 	} else {
 		error = inode_change_ok(inode, attr);
 		if (!error)
-			error = security_ops->inode_setattr(dentry, attr);
+			error = security_inode_setattr(dentry, attr);
 		if (!error) {
 			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
===== fs/dquot.c 1.48 vs edited =====
--- 1.48/fs/dquot.c	Sun Oct 13 08:39:23 2002
+++ edited/fs/dquot.c	Tue Oct 15 22:55:27 2002
@@ -69,6 +69,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/proc_fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -1305,8 +1306,7 @@
 	error = -EIO;
 	if (!f->f_op || !f->f_op->read || !f->f_op->write)
 		goto out_f;
-	error = security_ops->quota_on(f);
-	if (error)
+	if ((error = security_quota_on(f)))
 		goto out_f;
 	inode = f->f_dentry->d_inode;
 	error = -EACCES;
===== fs/exec.c 1.51 vs edited =====
--- 1.51/fs/exec.c	Sun Oct 13 09:32:22 2002
+++ edited/fs/exec.c	Tue Oct 15 23:03:20 2002
@@ -43,6 +43,7 @@
 #include <linux/namei.h>
 #include <linux/proc_fs.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgalloc.h>
@@ -818,8 +819,7 @@
 	}
 
 	/* fill in binprm security blob */
-	retval = security_ops->bprm_set_security(bprm);
-	if (retval)
+	if ((retval = security_bprm_set(bprm)))
 		return retval;
 
 	memset(bprm->buf,0,BINPRM_BUF_SIZE);
@@ -867,7 +867,7 @@
 	if(do_unlock)
 		unlock_kernel();
 
-	security_ops->bprm_compute_creds(bprm);
+	security_bprm_compute_creds(bprm);
 }
 
 void remove_arg_zero(struct linux_binprm *bprm)
@@ -936,8 +936,7 @@
 	    }
 	}
 #endif
-	retval = security_ops->bprm_check_security(bprm);
-	if (retval) 
+	if ((retval = security_bprm_check(bprm)))
 		return retval;
 
 	/* kernel module loader fixup */
@@ -1033,8 +1032,7 @@
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	retval = security_ops->bprm_alloc_security(&bprm);
-	if (retval) 
+	if ((retval = security_bprm_alloc(&bprm)))
 		goto out;
 
 	retval = prepare_binprm(&bprm);
@@ -1057,7 +1055,7 @@
 	retval = search_binary_handler(&bprm,regs);
 	if (retval >= 0) {
 		/* execve success */
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 		return retval;
 	}
 
@@ -1070,7 +1068,7 @@
 	}
 
 	if (bprm.security)
-		security_ops->bprm_free_security(&bprm);
+		security_bprm_free(&bprm);
 
 out_mm:
 	mmdrop(bprm.mm);
===== fs/fcntl.c 1.20 vs edited =====
--- 1.20/fs/fcntl.c	Sun Oct 13 08:39:40 2002
+++ edited/fs/fcntl.c	Wed Oct 16 00:04:50 2002
@@ -274,8 +274,7 @@
 {
 	int err;
 	
-	err = security_ops->file_set_fowner(filp);
-	if (err)
+	if ((err = security_file_set_fowner(filp)))
 		return err;
 
 	f_modown(filp, arg, current->uid, current->euid, force);
@@ -368,8 +367,7 @@
 	if (!filp)
 		goto out;
 
-	err = security_ops->file_fcntl(filp, cmd, arg);
-	if (err) {
+	if ((err = security_file_fcntl(filp, cmd, arg))) {
 		fput(filp);
 		return err;
 	}
@@ -392,8 +390,7 @@
 	if (!filp)
 		goto out;
 
-	err = security_ops->file_fcntl(filp, cmd, arg);
-	if (err) {
+	if ((err = security_file_fcntl(filp, cmd, arg))) {
 		fput(filp);
 		return err;
 	}
@@ -444,7 +441,7 @@
 	if (!sigio_perm(p, fown))
 		return;
 
-	if (security_ops->file_send_sigiotask(p, fown, fd, reason))
+	if (security_file_send_sigiotask(p, fown, fd, reason))
 		return;
 
 	switch (fown->signum) {
===== fs/file_table.c 1.13 vs edited =====
--- 1.13/fs/file_table.c	Sun Oct 13 08:39:40 2002
+++ edited/fs/file_table.c	Wed Oct 16 00:04:27 2002
@@ -46,7 +46,7 @@
 		files_stat.nr_free_files--;
 	new_one:
 		memset(f, 0, sizeof(*f));
-		if (security_ops->file_alloc_security(f)) {
+		if (security_file_alloc(f)) {
 			list_add(&f->f_list, &free_list);
 			files_stat.nr_free_files++;
 			file_list_unlock();
@@ -127,7 +127,7 @@
 
 	if (file->f_op && file->f_op->release)
 		file->f_op->release(inode, file);
-	security_ops->file_free_security(file);
+	security_file_free(file);
 	fops_put(file->f_op);
 	if (file->f_mode & FMODE_WRITE)
 		put_write_access(inode);
@@ -160,7 +160,7 @@
 void put_filp(struct file *file)
 {
 	if(atomic_dec_and_test(&file->f_count)) {
-		security_ops->file_free_security(file);
+		security_file_free(file);
 		file_list_lock();
 		list_del(&file->f_list);
 		list_add(&file->f_list, &free_list);
===== fs/inode.c 1.74 vs edited =====
--- 1.74/fs/inode.c	Sun Oct 13 08:39:23 2002
+++ edited/fs/inode.c	Tue Oct 15 23:49:49 2002
@@ -120,7 +120,7 @@
 		inode->i_bdev = NULL;
 		inode->i_cdev = NULL;
 		inode->i_security = NULL;
-		if (security_ops->inode_alloc_security(inode)) {
+		if (security_inode_alloc(inode)) {
 			if (inode->i_sb->s_op->destroy_inode)
 				inode->i_sb->s_op->destroy_inode(inode);
 			else
@@ -146,7 +146,7 @@
 {
 	if (inode_has_buffers(inode))
 		BUG();
-	security_ops->inode_free_security(inode);
+	security_inode_free(inode);
 	if (inode->i_sb->s_op->destroy_inode) {
 		inode->i_sb->s_op->destroy_inode(inode);
 	} else {
@@ -922,7 +922,7 @@
 	if (inode->i_data.nrpages)
 		truncate_inode_pages(&inode->i_data, 0);
 
-	security_ops->inode_delete(inode);
+	security_inode_delete(inode);
 
 	if (op && op->delete_inode) {
 		void (*delete)(struct inode *) = op->delete_inode;
===== fs/ioctl.c 1.5 vs edited =====
--- 1.5/fs/ioctl.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/ioctl.c	Wed Oct 16 00:06:16 2002
@@ -59,8 +59,7 @@
 		goto out;
 	error = 0;
 
-	error = security_ops->file_ioctl(filp, cmd, arg);
-        if (error) {
+	if ((error = security_file_ioctl(filp, cmd, arg))) {
                 fput(filp);
                 goto out;
         }
===== fs/locks.c 1.30 vs edited =====
--- 1.30/fs/locks.c	Thu Sep 26 10:36:16 2002
+++ edited/fs/locks.c	Wed Oct 16 00:06:00 2002
@@ -122,6 +122,7 @@
 #include <linux/timer.h>
 #include <linux/time.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/semaphore.h>
 #include <asm/uaccess.h>
@@ -1170,8 +1171,7 @@
 		return -EACCES;
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
-	error = security_ops->file_lock(filp, arg);
-	if (error)
+	if ((error = security_file_lock(filp, arg)))
 		return error;
 
 	lock_kernel();
@@ -1284,8 +1284,7 @@
 	if (error)
 		goto out_putf;
 
-	error = security_ops->file_lock(filp, cmd);
-	if (error)
+	if ((error = security_file_lock(filp, cmd)))
 		goto out_free;
 
 	for (;;) {
@@ -1434,8 +1433,7 @@
 		goto out;
 	}
 
-	error = security_ops->file_lock(filp, file_lock->fl_type);
-	if (error)
+	if ((error = security_file_lock(filp, file_lock->fl_type)))
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {
@@ -1574,8 +1572,7 @@
 		goto out;
 	}
 
-	error = security_ops->file_lock(filp, file_lock->fl_type);
-	if (error)
+	if ((error = security_file_lock(filp, file_lock->fl_type)))
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {
===== fs/namei.c 1.56 vs edited =====
--- 1.56/fs/namei.c	Tue Sep 17 12:52:27 2002
+++ edited/fs/namei.c	Tue Oct 15 23:47:28 2002
@@ -218,7 +218,7 @@
 	if (retval)
 		return retval;
 
-	return security_ops->inode_permission(inode, mask);
+	return security_inode_permission(inode, mask);
 }
 
 /*
@@ -340,7 +340,7 @@
 
 	return -EACCES;
 ok:
-	return security_ops->inode_permission_lite(inode, MAY_EXEC);
+	return security_inode_permission_lite(inode, MAY_EXEC);
 }
 
 /*
@@ -374,7 +374,7 @@
 				dput(dentry);
 			else {
 				result = dentry;
-				security_ops->inode_post_lookup(dir, result);
+				security_inode_post_lookup(dir, result);
 			}
 		}
 		up(&dir->i_sem);
@@ -413,8 +413,7 @@
 		current->state = TASK_RUNNING;
 		schedule();
 	}
-	err = security_ops->inode_follow_link(dentry, nd);
-	if (err)
+	if ((err = security_inode_follow_link(dentry, nd)))
 		goto loop;
 	current->link_count++;
 	current->total_link_count++;
@@ -918,7 +917,7 @@
 		dentry = inode->i_op->lookup(inode, new);
 		if (!dentry) {
 			dentry = new;
-			security_ops->inode_post_lookup(inode, dentry);
+			security_inode_post_lookup(inode, dentry);
 		} else
 			dput(new);
 	}
@@ -1125,14 +1124,13 @@
 		return -EACCES;	/* shouldn't it be ENOSYS? */
 	mode &= S_IALLUGO;
 	mode |= S_IFREG;
-	error = security_ops->inode_create(dir, dentry, mode);
-	if (error)
+	if ((error = security_inode_create(dir, dentry, mode)))
 		return error;
 	DQUOT_INIT(dir);
 	error = dir->i_op->create(dir, dentry, mode);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_create(dir, dentry, mode);
+		security_inode_post_create(dir, dentry, mode);
 	}
 	return error;
 }
@@ -1344,8 +1342,7 @@
 	 * stored in nd->last.name and we will have to putname() it when we
 	 * are done. Procfs-like symlinks just set LAST_BIND.
 	 */
-	error = security_ops->inode_follow_link(dentry, nd);
-	if (error)
+	if ((error = security_inode_follow_link(dentry, nd)))
 		goto exit_dput;
 	UPDATE_ATIME(dentry->d_inode);
 	error = dentry->d_inode->i_op->follow_link(dentry, nd);
@@ -1410,15 +1407,14 @@
 	if (!dir->i_op || !dir->i_op->mknod)
 		return -EPERM;
 
-	error = security_ops->inode_mknod(dir, dentry, mode, dev);
-	if (error)
+	if ((error = security_inode_mknod(dir, dentry, mode, dev)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->mknod(dir, dentry, mode, dev);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_mknod(dir, dentry, mode, dev);
+		security_inode_post_mknod(dir, dentry, mode, dev);
 	}
 	return error;
 }
@@ -1478,15 +1474,14 @@
 		return -EPERM;
 
 	mode &= (S_IRWXUGO|S_ISVTX);
-	error = security_ops->inode_mkdir(dir, dentry, mode);
-	if (error)
+	if ((error = security_inode_mkdir(dir, dentry, mode)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->mkdir(dir, dentry, mode);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_mkdir(dir,dentry, mode);
+		security_inode_post_mkdir(dir,dentry, mode);
 	}
 	return error;
 }
@@ -1570,8 +1565,7 @@
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_ops->inode_rmdir(dir, dentry);
-		if (!error) {
+		if (!(error = security_inode_rmdir(dir, dentry))) {
 			error = dir->i_op->rmdir(dir, dentry);
 			if (!error)
 				dentry->d_inode->i_flags |= S_DEAD;
@@ -1644,10 +1638,8 @@
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_ops->inode_unlink(dir, dentry);
-		if (!error) {
+		if (!(error = security_inode_unlink(dir, dentry)))
 			error = dir->i_op->unlink(dir, dentry);
-		}
 	}
 	up(&dentry->d_inode->i_sem);
 	if (!error) {
@@ -1709,15 +1701,14 @@
 	if (!dir->i_op || !dir->i_op->symlink)
 		return -EPERM;
 
-	error = security_ops->inode_symlink(dir, dentry, oldname);
-	if (error)
+	if ((error = security_inode_symlink(dir, dentry, oldname)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->symlink(dir, dentry, oldname);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_symlink(dir, dentry, oldname);
+		security_inode_post_symlink(dir, dentry, oldname);
 	}
 	return error;
 }
@@ -1780,8 +1771,7 @@
 	if (S_ISDIR(old_dentry->d_inode->i_mode))
 		return -EPERM;
 
-	error = security_ops->inode_link(old_dentry, dir, new_dentry);
-	if (error)
+	if ((error = security_inode_link(old_dentry, dir, new_dentry)))
 		return error;
 
 	down(&old_dentry->d_inode->i_sem);
@@ -1790,7 +1780,7 @@
 	up(&old_dentry->d_inode->i_sem);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_link(old_dentry, dir, new_dentry);
+		security_inode_post_link(old_dentry, dir, new_dentry);
 	}
 	return error;
 }
@@ -1889,8 +1879,7 @@
 			return error;
 	}
 
-	error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-	if (error)
+	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
 		return error;
 
 	target = new_dentry->d_inode;
@@ -1912,8 +1901,8 @@
 	}
 	if (!error) {
 		d_move(old_dentry,new_dentry);
-		security_ops->inode_post_rename(old_dir, old_dentry,
-							new_dir, new_dentry);
+		security_inode_post_rename(old_dir, old_dentry,
+					   new_dir, new_dentry);
 	}
 	return error;
 }
@@ -1924,8 +1913,7 @@
 	struct inode *target;
 	int error;
 
-	error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-	if (error)
+	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
 		return error;
 
 	dget(new_dentry);
@@ -1940,7 +1928,7 @@
 		/* The following d_move() should become unconditional */
 		if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
 			d_move(old_dentry, new_dentry);
-		security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
+		security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
 	}
 	if (target)
 		up(&target->i_sem);
===== fs/namespace.c 1.29 vs edited =====
--- 1.29/fs/namespace.c	Tue Sep 17 12:52:27 2002
+++ edited/fs/namespace.c	Tue Oct 15 23:17:32 2002
@@ -19,6 +19,7 @@
 #include <linux/seq_file.h>
 #include <linux/namespace.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -288,8 +289,7 @@
 	struct super_block * sb = mnt->mnt_sb;
 	int retval = 0;
 
-	retval = security_ops->sb_umount(mnt, flags);
-	if (retval)
+	if ((retval = security_sb_umount(mnt, flags)))
 		return retval;
 
 	/*
@@ -341,7 +341,7 @@
 		DQUOT_OFF(sb);
 		acct_auto_close(sb);
 		unlock_kernel();
-		security_ops->sb_umount_close(mnt);
+		security_sb_umount_close(mnt);
 		spin_lock(&dcache_lock);
 	}
 	retval = -EBUSY;
@@ -352,7 +352,7 @@
 	}
 	spin_unlock(&dcache_lock);
 	if (retval)
-		security_ops->sb_umount_busy(mnt);
+		security_sb_umount_busy(mnt);
 	up_write(&current->namespace->sem);
 	return retval;
 }
@@ -470,8 +470,7 @@
 	if (IS_DEADDIR(nd->dentry->d_inode))
 		goto out_unlock;
 
-	err = security_ops->sb_check_sb(mnt, nd);
-	if (err)
+	if ((err = security_sb_check_sb(mnt, nd)))
 		goto out_unlock;
 
 	spin_lock(&dcache_lock);
@@ -487,7 +486,7 @@
 out_unlock:
 	up(&nd->dentry->d_inode->i_sem);
 	if (!err)
-		security_ops->sb_post_addmount(mnt, nd);
+		security_sb_post_addmount(mnt, nd);
 	return err;
 }
 
@@ -558,7 +557,7 @@
 		nd->mnt->mnt_flags=mnt_flags;
 	up_write(&sb->s_umount);
 	if (!err)
-		security_ops->sb_post_remount(nd->mnt, flags, data);
+		security_sb_post_remount(nd->mnt, flags, data);
 	return err;
 }
 
@@ -741,8 +740,7 @@
 	if (retval)
 		return retval;
 
-	retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page);
-	if (retval)
+	if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
 		goto dput_out;
 
 	if (flags & MS_REMOUNT)
@@ -939,8 +937,7 @@
 	if (error)
 		goto out1;
 
-	error = security_ops->sb_pivotroot(&old_nd, &new_nd);
-	if (error) {
+	if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
 		path_release(&old_nd);
 		goto out1;
 	}
@@ -989,7 +986,7 @@
 	attach_mnt(new_nd.mnt, &root_parent);
 	spin_unlock(&dcache_lock);
 	chroot_fs_refs(&user_nd, &new_nd);
-	security_ops->sb_post_pivotroot(&user_nd, &new_nd);
+	security_sb_post_pivotroot(&user_nd, &new_nd);
 	error = 0;
 	path_release(&root_parent);
 	path_release(&parent_nd);
===== fs/open.c 1.28 vs edited =====
--- 1.28/fs/open.c	Sun Oct 13 08:39:40 2002
+++ edited/fs/open.c	Tue Oct 15 23:19:46 2002
@@ -30,8 +30,7 @@
 		retval = -ENOSYS;
 		if (sb->s_op && sb->s_op->statfs) {
 			memset(buf, 0, sizeof(struct statfs));
-			retval = security_ops->sb_statfs(sb);
-			if (retval)
+			if ((retval = security_sb_statfs(sb)))
 				return retval;
 			retval = sb->s_op->statfs(sb, buf);
 		}
===== fs/quota.c 1.8 vs edited =====
--- 1.8/fs/quota.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/quota.c	Tue Oct 15 22:54:46 2002
@@ -98,7 +98,7 @@
 		if (!capable(CAP_SYS_ADMIN))
 			return -EPERM;
 
-	return security_ops->quotactl (cmd, type, id, sb);
+	return security_quotactl (cmd, type, id, sb);
 }
 
 /* Resolve device pathname to superblock */
===== fs/read_write.c 1.19 vs edited =====
--- 1.19/fs/read_write.c	Thu Oct 10 14:36:26 2002
+++ edited/fs/read_write.c	Wed Oct 16 00:08:14 2002
@@ -121,8 +121,7 @@
 	if (!file)
 		goto bad;
 
-	retval = security_ops->file_llseek(file);
-	if (retval) {
+	if ((retval = security_file_llseek(file))) {
 		fput(file);
 		goto bad;
 	}
@@ -153,8 +152,7 @@
 	if (!file)
 		goto bad;
 
-	retval = security_ops->file_llseek(file);
-	if (retval)
+	if ((retval = security_file_llseek(file)))
 		goto out_putf;
 
 	retval = -EINVAL;
@@ -203,8 +201,7 @@
 
 	ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
 	if (!ret) {
-		ret = security_ops->file_permission (file, MAY_READ);
-		if (!ret) {
+		if (!(ret = security_file_permission (file, MAY_READ))) {
 			if (file->f_op->read)
 				ret = file->f_op->read(file, buf, count, pos);
 			else
@@ -243,8 +240,7 @@
 
 	ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
 	if (!ret) {
-		ret = security_ops->file_permission (file, MAY_WRITE);
-		if (!ret) {
+		if (!(ret = security_file_permission (file, MAY_WRITE))) {
 			if (file->f_op->write)
 				ret = file->f_op->write(file, buf, count, pos);
 			else
@@ -475,8 +471,7 @@
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_READ) &&
 	    (file->f_op->readv || file->f_op->read)) {
-		ret = security_ops->file_permission (file, MAY_READ);
-		if (!ret)
+		if (!(ret = security_file_permission (file, MAY_READ)))
 			ret = do_readv_writev(READ, file, vector, nr_segs);
 	}
 	fput(file);
@@ -498,8 +493,7 @@
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_WRITE) &&
 	    (file->f_op->writev || file->f_op->write)) {
-		ret = security_ops->file_permission (file, MAY_WRITE);
-		if (!ret)
+		if (!(ret = security_file_permission (file, MAY_WRITE)))
 			ret = do_readv_writev(WRITE, file, vector, nr_segs);
 	}
 	fput(file);
===== fs/readdir.c 1.9 vs edited =====
--- 1.9/fs/readdir.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/readdir.c	Wed Oct 16 00:06:40 2002
@@ -11,6 +11,7 @@
 #include <linux/file.h>
 #include <linux/smp_lock.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -21,8 +22,7 @@
 	if (!file->f_op || !file->f_op->readdir)
 		goto out;
 
-	res = security_ops->file_permission(file, MAY_READ);
-	if (res)
+	if ((res = security_file_permission(file, MAY_READ)))
 		goto out;
 
 	down(&inode->i_sem);
===== fs/stat.c 1.13 vs edited =====
--- 1.13/fs/stat.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/stat.c	Tue Oct 15 23:49:19 2002
@@ -39,8 +39,7 @@
 	struct inode *inode = dentry->d_inode;
 	int retval;
 
-	retval = security_ops->inode_getattr(mnt, dentry);
-	if (retval)
+	if ((retval = security_inode_getattr(mnt, dentry)))
 		return retval;
 
 	if (inode->i_op->getattr)
@@ -238,8 +237,7 @@
 
 		error = -EINVAL;
 		if (inode->i_op && inode->i_op->readlink) {
-			error = security_ops->inode_readlink(nd.dentry);
-			if (!error) {
+			if (!(error = security_inode_readlink(nd.dentry))) {
 				UPDATE_ATIME(inode);
 				error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
 			}
===== fs/super.c 1.83 vs edited =====
--- 1.83/fs/super.c	Mon Sep  9 14:00:57 2002
+++ edited/fs/super.c	Tue Oct 15 23:18:44 2002
@@ -29,9 +29,9 @@
 #include <linux/quotaops.h>
 #include <linux/namei.h>
 #include <linux/buffer_head.h>		/* for fsync_super() */
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
-#include <linux/security.h>
 
 void get_filesystem(struct file_system_type *fs);
 void put_filesystem(struct file_system_type *fs);
@@ -51,7 +51,7 @@
 	struct super_block *s = kmalloc(sizeof(struct super_block),  GFP_USER);
 	if (s) {
 		memset(s, 0, sizeof(struct super_block));
-		if (security_ops->sb_alloc_security(s)) {
+		if (security_sb_alloc(s)) {
 			kfree(s);
 			s = NULL;
 			goto out;
@@ -85,7 +85,7 @@
  */
 static inline void destroy_super(struct super_block *s)
 {
-	security_ops->sb_free_security(s);
+	security_sb_free(s);
 	kfree(s);
 }
 
===== fs/xattr.c 1.7 vs edited =====
--- 1.7/fs/xattr.c	Mon Jul 22 03:12:48 2002
+++ edited/fs/xattr.c	Tue Oct 15 23:51:34 2002
@@ -13,6 +13,7 @@
 #include <linux/file.h>
 #include <linux/xattr.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 /*
@@ -85,9 +86,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
-		error = security_ops->inode_setxattr(d, kname, kvalue,
-				size, flags);
-		if (error)
+		if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
@@ -163,8 +162,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
-		error = security_ops->inode_getxattr(d, kname);
-		if (error)
+		if ((error = security_inode_getxattr(d, kname)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
@@ -236,8 +234,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
-		error = security_ops->inode_listxattr(d);
-		if (error)
+		if ((error = security_inode_listxattr(d)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->listxattr(d, klist, size);
@@ -311,8 +308,7 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
-		error = security_ops->inode_removexattr(d, kname);
-		if (error)
+		if ((error = security_inode_removexattr(d, kname)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->removexattr(d, kname);
===== fs/proc/base.c 1.31 vs edited =====
--- 1.31/fs/proc/base.c	Sat Sep 28 08:36:29 2002
+++ edited/fs/proc/base.c	Tue Oct 15 23:22:02 2002
@@ -28,6 +28,7 @@
 #include <linux/namespace.h>
 #include <linux/mm.h>
 #include <linux/smp_lock.h>
+#include <linux/security.h>
 
 /*
  * For hysterical raisins we keep the same inumbers as in the old procfs.
@@ -394,7 +395,7 @@
 };
 
 #define MAY_PTRACE(p) \
-(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
+(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
 
 
 static int mem_open(struct inode* inode, struct file* file)
===== include/linux/sched.h 1.107 vs edited =====
--- 1.107/include/linux/sched.h	Tue Oct 15 15:32:40 2002
+++ edited/include/linux/sched.h	Tue Oct 15 22:24:46 2002
@@ -596,9 +596,11 @@
 		       unsigned long, const char *, void *);
 extern void free_irq(unsigned int, void *);
 
+
+#ifdef CONFIG_SECURITY
 /* capable prototype and code moved to security.[hc] */
 #include <linux/security.h>
-#if 0
+#else
 static inline int capable(int cap)
 {
 	if (cap_raised(current->cap_effective, cap)) {
@@ -607,7 +609,7 @@
 	}
 	return 0;
 }
-#endif	/* if 0 */
+#endif
 
 /*
  * Routines for handling mm_structs
===== include/linux/security.h 1.4 vs edited =====
--- 1.4/include/linux/security.h	Tue Oct  8 02:20:18 2002
+++ edited/include/linux/security.h	Wed Oct 16 10:44:28 2002
@@ -22,8 +22,6 @@
 #ifndef __LINUX_SECURITY_H
 #define __LINUX_SECURITY_H
 
-#ifdef __KERNEL__
-
 #include <linux/fs.h>
 #include <linux/binfmts.h>
 #include <linux/signal.h>
@@ -33,6 +31,20 @@
 #include <linux/shm.h>
 #include <linux/msg.h>
 
+
+/* These functions are in security/capability.c and are used
+ * as the default capabilities functions */
+extern int cap_capable (struct task_struct *tsk, int cap);
+extern int cap_ptrace (struct task_struct *parent, struct task_struct *child);
+extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
+extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
+extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
+extern int cap_bprm_set_security (struct linux_binprm *bprm);
+extern void cap_bprm_compute_creds (struct linux_binprm *bprm);
+extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
+extern void cap_task_kmod_set_label (void);
+extern void cap_task_reparent_to_init (struct task_struct *p);
+
 /*
  * Values used in the task_security_ops calls
  */
@@ -48,6 +60,9 @@
 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
 #define LSM_SETID_FS	8
 
+
+#ifdef CONFIG_SECURITY
+
 /* forward declares to avoid warnings */
 struct sk_buff;
 struct net_device;
@@ -848,6 +863,531 @@
 	                            struct security_operations *ops);
 };
 
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+	return security_ops->ptrace (parent, child);
+}
+
+static inline int security_capget (struct task_struct *target,
+				   kernel_cap_t *effective,
+				   kernel_cap_t *inheritable,
+				   kernel_cap_t *permitted)
+{
+	return security_ops->capget (target, effective, inheritable, permitted);
+}
+
+static inline int security_capset_check (struct task_struct *target,
+					 kernel_cap_t *effective,
+					 kernel_cap_t *inheritable,
+					 kernel_cap_t *permitted)
+{
+	return security_ops->capset_check (target, effective, inheritable, permitted);
+}
+
+static inline void security_capset_set (struct task_struct *target,
+					kernel_cap_t *effective,
+					kernel_cap_t *inheritable,
+					kernel_cap_t *permitted)
+{
+	security_ops->capset_set (target, effective, inheritable, permitted);
+}
+
+static inline int security_acct (struct file *file)
+{
+	return security_ops->acct (file);
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+				     struct super_block *sb)
+{
+	return security_ops->quotactl (cmds, type, id, sb);
+}
+
+static inline int security_quota_on (struct file * file)
+{
+	return security_ops->quota_on (file);
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+	return security_ops->bprm_alloc_security (bprm);
+}
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{
+	security_ops->bprm_free_security (bprm);
+}
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{
+	security_ops->bprm_compute_creds (bprm);
+}
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+	return security_ops->bprm_set_security (bprm);
+}
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+	return security_ops->bprm_check_security (bprm);
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+	return security_ops->sb_alloc_security (sb);
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{
+	security_ops->sb_free_security (sb);
+}
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+	return security_ops->sb_statfs (sb);
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+				    char *type, unsigned long flags,
+				    void *data)
+{
+	return security_ops->sb_mount (dev_name, nd, type, flags, data);
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+					struct nameidata *nd)
+{
+	return security_ops->sb_check_sb (mnt, nd);
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+	return security_ops->sb_umount (mnt, flags);
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{
+	security_ops->sb_umount_close (mnt);
+}
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{
+	security_ops->sb_umount_busy (mnt);
+}
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+					     unsigned long flags, void *data)
+{
+	security_ops->sb_post_remount (mnt, flags, data);
+}
+
+static inline void security_sb_post_mountroot (void)
+{
+	security_ops->sb_post_mountroot ();
+}
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+					      struct nameidata *mountpoint_nd)
+{
+	security_ops->sb_post_addmount (mnt, mountpoint_nd);
+}
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+					 struct nameidata *new_nd)
+{
+	return security_ops->sb_pivotroot (old_nd, new_nd);
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+					       struct nameidata *new_nd)
+{
+	security_ops->sb_post_pivotroot (old_nd, new_nd);
+}
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+	return security_ops->inode_alloc_security (inode);
+}
+
+static inline void security_inode_free (struct inode *inode)
+{
+	security_ops->inode_free_security (inode);
+}
+	
+static inline int security_inode_create (struct inode *dir,
+					 struct dentry *dentry,
+					 int mode)
+{
+	return security_ops->inode_create (dir, dentry, mode);
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+					       struct dentry *dentry,
+					       int mode)
+{
+	security_ops->inode_post_create (dir, dentry, mode);
+}
+
+static inline int security_inode_link (struct dentry *old_dentry,
+				       struct inode *dir,
+				       struct dentry *new_dentry)
+{
+	return security_ops->inode_link (old_dentry, dir, new_dentry);
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+					     struct inode *dir,
+					     struct dentry *new_dentry)
+{
+	security_ops->inode_post_link (old_dentry, dir, new_dentry);
+}
+
+static inline int security_inode_unlink (struct inode *dir,
+					 struct dentry *dentry)
+{
+	return security_ops->inode_unlink (dir, dentry);
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+					  struct dentry *dentry,
+					  const char *old_name)
+{
+	return security_ops->inode_symlink (dir, dentry, old_name);
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+						struct dentry *dentry,
+						const char *old_name)
+{
+	security_ops->inode_post_symlink (dir, dentry, old_name);
+}
+
+static inline int security_inode_mkdir (struct inode *dir,
+					struct dentry *dentry,
+					int mode)
+{
+	return security_ops->inode_mkdir (dir, dentry, mode);
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode)
+{
+	security_ops->inode_post_mkdir (dir, dentry, mode);
+}
+
+static inline int security_inode_rmdir (struct inode *dir,
+					struct dentry *dentry)
+{
+	return security_ops->inode_rmdir (dir, dentry);
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+					struct dentry *dentry,
+					int mode, dev_t dev)
+{
+	return security_ops->inode_mknod (dir, dentry, mode, dev);
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode, dev_t dev)
+{
+	security_ops->inode_post_mknod (dir, dentry, mode, dev);
+}
+
+static inline int security_inode_rename (struct inode *old_dir,
+					 struct dentry *old_dentry,
+					 struct inode *new_dir,
+					 struct dentry *new_dentry)
+{
+	return security_ops->inode_rename (old_dir, old_dentry,
+					   new_dir, new_dentry);
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+					       struct dentry *old_dentry,
+					       struct inode *new_dir,
+					       struct dentry *new_dentry)
+{
+	security_ops->inode_post_rename (old_dir, old_dentry,
+						new_dir, new_dentry);
+}
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+	return security_ops->inode_readlink (dentry);
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+					      struct nameidata *nd)
+{
+	return security_ops->inode_follow_link (dentry, nd);
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+	return security_ops->inode_permission (inode, mask);
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+						  int mask)
+{
+	return security_ops->inode_permission_lite (inode, mask);
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+					  struct iattr *attr)
+{
+	return security_ops->inode_setattr (dentry, attr);
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+					  struct dentry *dentry)
+{
+	return security_ops->inode_getattr (mnt, dentry);
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+					       struct dentry *dentry)
+{
+	security_ops->inode_post_lookup (inode, dentry);
+}
+
+static inline void security_inode_delete (struct inode *inode)
+{
+	security_ops->inode_delete (inode);
+}
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+					   void *value, size_t size, int flags)
+{
+	return security_ops->inode_setxattr (dentry, name, value, size, flags);
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return security_ops->inode_getxattr (dentry, name);
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+	return security_ops->inode_listxattr (dentry);
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return security_ops->inode_removexattr (dentry, name);
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+	return security_ops->file_permission (file, mask);
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+	return security_ops->file_alloc_security (file);
+}
+
+static inline void security_file_free (struct file *file)
+{
+	security_ops->file_free_security (file);
+}
+
+static inline int security_file_llseek (struct file *file)
+{
+	return security_ops->file_llseek (file);
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return security_ops->file_ioctl (file, cmd, arg);
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+				      unsigned long flags)
+{
+	return security_ops->file_mmap (file, prot, flags);
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+					  unsigned long prot)
+{
+	return security_ops->file_mprotect (vma, prot);
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+	return security_ops->file_lock (file, cmd);
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return security_ops->file_fcntl (file, cmd, arg);
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+	return security_ops->file_set_fowner (file);
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+						struct fown_struct *fown,
+						int fd, int reason)
+{
+	return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
+}
+
+static inline int security_file_receive (struct file *file)
+{
+	return security_ops->file_receive (file);
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+	return security_ops->task_create (clone_flags);
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+	return security_ops->task_alloc_security (p);
+}
+
+static inline void security_task_free (struct task_struct *p)
+{
+	security_ops->task_free_security (p);
+}
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+					int flags)
+{
+	return security_ops->task_setuid (id0, id1, id2, flags);
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+					     uid_t old_suid, int flags)
+{
+	return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+					int flags)
+{
+	return security_ops->task_setgid (id0, id1, id2, flags);
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return security_ops->task_setpgid (p, pgid);
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+	return security_ops->task_getpgid (p);
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+	return security_ops->task_getsid (p);
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+	return security_ops->task_setgroups (gidsetsize, grouplist);
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+	return security_ops->task_setnice (p, nice);
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+					   struct rlimit *new_rlim)
+{
+	return security_ops->task_setrlimit (resource, new_rlim);
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+					      int policy,
+					      struct sched_param *lp)
+{
+	return security_ops->task_setscheduler (p, policy, lp);
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+	return security_ops->task_getscheduler (p);
+}
+
+static inline int security_task_kill (struct task_struct *p,
+				      struct siginfo *info, int sig)
+{
+	return security_ops->task_kill (p, info, sig);
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+	return security_ops->task_wait (p);
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+				       unsigned long arg3,
+				       unsigned long arg4,
+				       unsigned long arg5)
+{
+	return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
+}
+
+static inline void security_task_kmod_set_label (void)
+{
+	security_ops->task_kmod_set_label ();
+}
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{
+	security_ops->task_reparent_to_init (p);
+}
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+					   short flag)
+{
+	return security_ops->ipc_permission (ipcp, flag);
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+	return security_ops->msg_queue_alloc_security (msq);
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{
+	security_ops->msg_queue_free_security (msq);
+}
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+	return security_ops->shm_alloc_security (shp);
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{
+	security_ops->shm_free_security (shp);
+}
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+	return security_ops->sem_alloc_security (sma);
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{
+	security_ops->sem_free_security (sma);
+}
+
 
 /* prototypes */
 extern int security_scaffolding_startup	(void);
@@ -857,11 +1397,501 @@
 extern int mod_unreg_security	(const char *name, struct security_operations *ops);
 extern int capable		(int cap);
 
-/* global variables */
-extern struct security_operations *security_ops;
 
+#else /* CONFIG_SECURITY */
+
+/*
+ * This is the default capabilities functionality.  Most of these functions
+ * are just stubbed out, but a few must call the proper capable code.
+ */
+
+static inline int security_scaffolding_startup (void)
+{
+	return 0;
+}
+
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+	return cap_ptrace (parent, child);
+}
+
+static inline int security_capget (struct task_struct *target,
+				   kernel_cap_t *effective,
+				   kernel_cap_t *inheritable,
+				   kernel_cap_t *permitted)
+{
+	return cap_capget (target, effective, inheritable, permitted);
+}
+
+static inline int security_capset_check (struct task_struct *target,
+					 kernel_cap_t *effective,
+					 kernel_cap_t *inheritable,
+					 kernel_cap_t *permitted)
+{
+	return cap_capset_check (target, effective, inheritable, permitted);
+}
+
+static inline void security_capset_set (struct task_struct *target,
+					kernel_cap_t *effective,
+					kernel_cap_t *inheritable,
+					kernel_cap_t *permitted)
+{
+	cap_capset_set (target, effective, inheritable, permitted);
+}
+
+static inline int security_acct (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+				     struct super_block * sb)
+{
+	return 0;
+}
+
+static inline int security_quota_on (struct file * file)
+{
+	return 0;
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{ }
+
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{ 
+	cap_bprm_compute_creds (bprm);
+}
+
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+	return cap_bprm_set_security (bprm);
+}
+
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+	return 0;
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{ }
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+	return 0;
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+				    char *type, unsigned long flags,
+				    void *data)
+{
+	return 0;
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+					struct nameidata *nd)
+{
+	return 0;
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+	return 0;
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+					     unsigned long flags, void *data)
+{ }
+
+static inline void security_sb_post_mountroot (void)
+{ }
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+					      struct nameidata *mountpoint_nd)
+{ }
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+					 struct nameidata *new_nd)
+{
+	return 0;
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+					       struct nameidata *new_nd)
+{ }
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+	return 0;
+}
+
+static inline void security_inode_free (struct inode *inode)
+{ }
+	
+static inline int security_inode_create (struct inode *dir,
+					 struct dentry *dentry,
+					 int mode)
+{
+	return 0;
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+					       struct dentry *dentry,
+					       int mode)
+{ }
+
+static inline int security_inode_link (struct dentry *old_dentry,
+				       struct inode *dir,
+				       struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+					     struct inode *dir,
+					     struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_unlink (struct inode *dir,
+					 struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+					  struct dentry *dentry,
+					  const char *old_name)
+{
+	return 0;
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+						struct dentry *dentry,
+						const char *old_name)
+{ }
+
+static inline int security_inode_mkdir (struct inode *dir,
+					struct dentry *dentry,
+					int mode)
+{
+	return 0;
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode)
+{ }
+
+static inline int security_inode_rmdir (struct inode *dir,
+					struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+					struct dentry *dentry,
+					int mode, dev_t dev)
+{
+	return 0;
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+					      struct dentry *dentry,
+					      int mode, dev_t dev)
+{ }
+
+static inline int security_inode_rename (struct inode *old_dir,
+					 struct dentry *old_dentry,
+					 struct inode *new_dir,
+					 struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+					       struct dentry *old_dentry,
+					       struct inode *new_dir,
+					       struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+					      struct nameidata *nd)
+{
+	return 0;
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+	return 0;
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+						  int mask)
+{
+	return 0;
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+					  struct iattr *attr)
+{
+	return 0;
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+					  struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+					       struct dentry *dentry)
+{ }
+
+static inline void security_inode_delete (struct inode *inode)
+{ }
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+					   void *value, size_t size, int flags)
+{
+	return 0;
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+	return 0;
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+	return 0;
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+	return 0;
+}
+
+static inline void security_file_free (struct file *file)
+{ }
+
+static inline int security_file_llseek (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return 0;
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+				      unsigned long flags)
+{
+	return 0;
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+					  unsigned long prot)
+{
+	return 0;
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+	return 0;
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+				       unsigned long arg)
+{
+	return 0;
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+						struct fown_struct *fown,
+						int fd, int reason)
+{
+	return 0;
+}
+
+static inline int security_file_receive (struct file *file)
+{
+	return 0;
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+	return 0;
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline void security_task_free (struct task_struct *p)
+{ }
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+					int flags)
+{
+	return 0;
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+					     uid_t old_suid, int flags)
+{
+	return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+					int flags)
+{
+	return 0;
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return 0;
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+	return 0;
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+	return 0;
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+					   struct rlimit *new_rlim)
+{
+	return 0;
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+					      int policy,
+					      struct sched_param *lp)
+{
+	return 0;
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_kill (struct task_struct *p,
+				      struct siginfo *info, int sig)
+{
+	return 0;
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+	return 0;
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+				       unsigned long arg3,
+				       unsigned long arg4,
+				       unsigned long arg5)
+{
+	return 0;
+}
+
+static inline void security_task_kmod_set_label (void)
+{
+	cap_task_kmod_set_label ();
+}
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{
+	cap_task_reparent_to_init (p);
+}
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+					   short flag)
+{
+	return 0;
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+	return 0;
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{ }
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+	return 0;
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{ }
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+	return 0;
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{ }
+
+
+#endif	/* CONFIG_SECURITY */
 
-#endif /* __KERNEL__ */
 
 #endif /* ! __LINUX_SECURITY_H */
 
===== init/do_mounts.c 1.25 vs edited =====
--- 1.25/init/do_mounts.c	Fri Oct  4 13:51:37 2002
+++ edited/init/do_mounts.c	Wed Oct 16 00:36:15 2002
@@ -12,6 +12,7 @@
 #include <linux/init.h>
 #include <linux/suspend.h>
 #include <linux/root_dev.h>
+#include <linux/security.h>
 
 #include <linux/nfs_fs.h>
 #include <linux/nfs_fs_sb.h>
@@ -799,7 +800,7 @@
 	sys_umount("/dev", 0);
 	sys_mount(".", "/", NULL, MS_MOVE, NULL);
 	sys_chroot(".");
-	security_ops->sb_post_mountroot();
+	security_sb_post_mountroot();
 	mount_devfs_fs ();
 }
 
===== ipc/msg.c 1.7 vs edited =====
--- 1.7/ipc/msg.c	Tue Oct  8 02:20:42 2002
+++ edited/ipc/msg.c	Wed Oct 16 00:37:48 2002
@@ -101,15 +101,14 @@
 	msq->q_perm.key = key;
 
 	msq->q_perm.security = NULL;
-	retval = security_ops->msg_queue_alloc_security(msq);
-	if (retval) {
+	if ((retval = security_msg_queue_alloc(msq))) {
 		kfree(msq);
 		return retval;
 	}
 
 	id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
 	if(id == -1) {
-		security_ops->msg_queue_free_security(msq);
+		security_msg_queue_free(msq);
 		kfree(msq);
 		return -ENOSPC;
 	}
@@ -281,7 +280,7 @@
 		free_msg(msg);
 	}
 	atomic_sub(msq->q_cbytes, &msg_bytes);
-	security_ops->msg_queue_free_security(msq);
+	security_msg_queue_free(msq);
 	kfree(msq);
 }
 
===== ipc/sem.c 1.12 vs edited =====
--- 1.12/ipc/sem.c	Tue Oct  8 02:20:46 2002
+++ edited/ipc/sem.c	Wed Oct 16 00:38:28 2002
@@ -136,15 +136,14 @@
 	sma->sem_perm.key = key;
 
 	sma->sem_perm.security = NULL;
-	retval = security_ops->sem_alloc_security(sma);
-	if (retval) {
+	if ((retval = security_sem_alloc(sma))) {
 		ipc_free(sma, size);
 		return retval;
 	}
 
 	id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
 	if(id == -1) {
-		security_ops->sem_free_security(sma);
+		security_sem_free(sma);
 		ipc_free(sma, size);
 		return -ENOSPC;
 	}
@@ -427,7 +426,7 @@
 
 	used_sems -= sma->sem_nsems;
 	size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
-	security_ops->sem_free_security(sma);
+	security_sem_free(sma);
 	ipc_free(sma, size);
 }
 
===== ipc/shm.c 1.18 vs edited =====
--- 1.18/ipc/shm.c	Tue Oct  8 02:29:20 2002
+++ edited/ipc/shm.c	Wed Oct 16 00:39:00 2002
@@ -116,7 +116,7 @@
 	shm_unlock(shp->id);
 	shmem_lock(shp->shm_file, 0);
 	fput (shp->shm_file);
-	security_ops->shm_free_security(shp);
+	security_shm_free(shp);
 	kfree (shp);
 }
 
@@ -188,8 +188,7 @@
 	shp->shm_flags = (shmflg & S_IRWXUGO);
 
 	shp->shm_perm.security = NULL;
-	error = security_ops->shm_alloc_security(shp);
-	if (error) {
+	if ((error = security_shm_alloc(shp))) {
 		kfree(shp);
 		return error;
 	}
@@ -222,7 +221,7 @@
 no_id:
 	fput(file);
 no_file:
-	security_ops->shm_free_security(shp);
+	security_shm_free(shp);
 	kfree(shp);
 	return error;
 }
===== ipc/util.c 1.6 vs edited =====
--- 1.6/ipc/util.c	Tue Oct  8 02:01:30 2002
+++ edited/ipc/util.c	Wed Oct 16 00:39:12 2002
@@ -264,7 +264,7 @@
 	    !capable(CAP_IPC_OWNER))
 		return -1;
 
-	return security_ops->ipc_permission(ipcp, flag);
+	return security_ipc_permission(ipcp, flag);
 }
 
 /*
===== kernel/acct.c 1.12 vs edited =====
--- 1.12/kernel/acct.c	Mon Jul 22 03:12:48 2002
+++ edited/kernel/acct.c	Tue Oct 15 22:53:28 2002
@@ -49,6 +49,7 @@
 #include <linux/acct.h>
 #include <linux/file.h>
 #include <linux/tty.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 /*
@@ -222,8 +223,7 @@
 		}
 	}
 
-	error = security_ops->acct(file);
-	if (error)
+	if ((error = security_acct(file)))
 		return error;
 
 	spin_lock(&acct_globals.lock);
===== kernel/capability.c 1.6 vs edited =====
--- 1.6/kernel/capability.c	Sat Sep 14 06:18:49 2002
+++ edited/kernel/capability.c	Tue Oct 15 22:34:12 2002
@@ -8,6 +8,7 @@
  */ 
 
 #include <linux/mm.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -63,7 +64,7 @@
      data.permitted = cap_t(target->cap_permitted);
      data.inheritable = cap_t(target->cap_inheritable); 
      data.effective = cap_t(target->cap_effective);
-     ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
+     ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
 
 out:
      read_unlock(&tasklist_lock); 
@@ -88,7 +89,7 @@
      do_each_thread(g, target) {
              if (target->pgrp != pgrp)
                      continue;
-	     security_ops->capset_set(target, effective, inheritable, permitted);
+	     security_capset_set(target, effective, inheritable, permitted);
      } while_each_thread(g, target);
 }
 
@@ -105,7 +106,7 @@
      do_each_thread(g, target) {
              if (target == current || target->pid == 1)
                      continue;
-	     security_ops->capset_set(target, effective, inheritable, permitted);
+	     security_capset_set(target, effective, inheritable, permitted);
      } while_each_thread(g, target);
 }
 
@@ -163,7 +164,7 @@
 
      ret = -EPERM;
 
-     if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
+     if (security_capset_check(target, &effective, &inheritable, &permitted))
 	     goto out;
 
      if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
@@ -190,7 +191,7 @@
              else            /* all procs in process group */
                      cap_set_pg(-pid, &effective, &inheritable, &permitted);
      } else {
-	     security_ops->capset_set(target, &effective, &inheritable, &permitted);
+	     security_capset_set(target, &effective, &inheritable, &permitted);
      }
 
 out:
===== kernel/exit.c 1.72 vs edited =====
--- 1.72/kernel/exit.c	Tue Oct 15 15:08:06 2002
+++ edited/kernel/exit.c	Wed Oct 16 00:35:10 2002
@@ -67,7 +67,7 @@
 		wait_task_inactive(p);
 
 	atomic_dec(&p->user->processes);
-	security_ops->task_free_security(p);
+	security_task_free(p);
 	free_uid(p->user);
 	write_lock_irq(&tasklist_lock);
 	if (unlikely(p->ptrace))
@@ -248,7 +248,7 @@
 	/* cpus_allowed? */
 	/* rt_priority? */
 	/* signals? */
-	security_ops->task_reparent_to_init(current);
+	security_task_reparent_to_init(current);
 	memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
 	current->user = INIT_USER;
 
@@ -774,7 +774,7 @@
 	if (current->tgid != p->tgid && delay_group_leader(p))
 		return 2;
 
-	if (security_ops->task_wait(p))
+	if (security_task_wait(p))
 		return 0;
 
 	return 1;
===== kernel/fork.c 1.87 vs edited =====
--- 1.87/kernel/fork.c	Mon Oct  7 15:17:19 2002
+++ edited/kernel/fork.c	Wed Oct 16 00:28:30 2002
@@ -682,8 +682,7 @@
 	if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
 		return ERR_PTR(-EINVAL);
 
-	retval = security_ops->task_create(clone_flags);
-	if (retval)
+	if ((retval = security_task_create(clone_flags)))
 		goto fork_out;
 
 	retval = -ENOMEM;
@@ -772,7 +771,7 @@
 	INIT_LIST_HEAD(&p->local_pages);
 
 	retval = -ENOMEM;
-	if (security_ops->task_alloc_security(p))
+	if (security_task_alloc(p))
 		goto bad_fork_cleanup;
 	/* copy all the process information */
 	if (copy_semundo(clone_flags, p))
@@ -922,7 +921,7 @@
 bad_fork_cleanup_semundo:
 	exit_semundo(p);
 bad_fork_cleanup_security:
-	security_ops->task_free_security(p);
+	security_task_free(p);
 bad_fork_cleanup:
 	if (p->pid > 0)
 		free_pidmap(p->pid);
===== kernel/kmod.c 1.15 vs edited =====
--- 1.15/kernel/kmod.c	Tue Oct  1 01:54:49 2002
+++ edited/kernel/kmod.c	Wed Oct 16 00:28:59 2002
@@ -29,6 +29,7 @@
 #include <linux/completion.h>
 #include <linux/file.h>
 #include <linux/workqueue.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -134,7 +135,7 @@
 	/* Give kmod all effective privileges.. */
 	curtask->euid = curtask->fsuid = 0;
 	curtask->egid = curtask->fsgid = 0;
-	security_ops->task_kmod_set_label();
+	security_task_kmod_set_label();
 
 	/* Allow execve args to be in kernel space. */
 	set_fs(KERNEL_DS);
===== kernel/ptrace.c 1.18 vs edited =====
--- 1.18/kernel/ptrace.c	Sun Sep 15 19:57:15 2002
+++ edited/kernel/ptrace.c	Wed Oct 16 00:11:10 2002
@@ -14,6 +14,7 @@
 #include <linux/pagemap.h>
 #include <linux/smp_lock.h>
 #include <linux/ptrace.h>
+#include <linux/security.h>
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
@@ -100,8 +101,7 @@
 	/* the same process cannot be attached many times */
 	if (task->ptrace & PT_PTRACED)
 		goto bad;
-	retval = security_ops->ptrace(current, task);
-	if (retval)
+	if ((retval = security_ptrace(current, task)))
 		goto bad;
 
 	/* Go */
===== kernel/sched.c 1.140 vs edited =====
--- 1.140/kernel/sched.c	Mon Oct 14 05:30:06 2002
+++ edited/kernel/sched.c	Wed Oct 16 00:29:50 2002
@@ -1329,8 +1329,7 @@
 	if (nice > 19)
 		nice = 19;
 
-	retval = security_ops->task_setnice(current, nice);
-	if (retval)
+	if ((retval = security_task_setnice(current, nice)))
 		return retval;
 
 	set_user_nice(current, nice);
@@ -1451,8 +1450,7 @@
 	    !capable(CAP_SYS_NICE))
 		goto out_unlock;
 
-	retval = security_ops->task_setscheduler(p, policy, &lp);
-	if (retval)
+	if ((retval = security_task_setscheduler(p, policy, &lp)))
 		goto out_unlock;
 
 	array = p->array;
@@ -1515,8 +1513,7 @@
 	read_lock(&tasklist_lock);
 	p = find_process_by_pid(pid);
 	if (p) {
-		retval = security_ops->task_getscheduler(p);
-		if (!retval)
+		if (!(retval = security_task_getscheduler(p)))
 			retval = p->policy;
 	}
 	read_unlock(&tasklist_lock);
@@ -1545,8 +1542,7 @@
 	if (!p)
 		goto out_unlock;
 
-	retval = security_ops->task_getscheduler(p);
-	if (retval)
+	if ((retval = security_task_getscheduler(p)))
 		goto out_unlock;
 
 	lp.sched_priority = p->rt_priority;
@@ -1778,8 +1774,7 @@
 	if (!p)
 		goto out_unlock;
 
-	retval = security_ops->task_getscheduler(p);
-	if (retval)
+	if ((retval = security_task_getscheduler(p)))
 		goto out_unlock;
 
 	jiffies_to_timespec(p->policy & SCHED_FIFO ?
===== kernel/signal.c 1.48 vs edited =====
--- 1.48/kernel/signal.c	Thu Oct  3 02:26:00 2002
+++ edited/kernel/signal.c	Wed Oct 16 00:30:19 2002
@@ -18,6 +18,7 @@
 #include <linux/fs.h>
 #include <linux/tty.h>
 #include <linux/binfmts.h>
+#include <linux/security.h>
 #include <asm/param.h>
 #include <asm/uaccess.h>
 #include <asm/siginfo.h>
@@ -706,8 +707,7 @@
 	ret = -EPERM;
 	if (bad_signal(sig, info, t))
 		goto out;
-	ret = security_ops->task_kill(t, info, sig);
-	if (ret)
+	if ((ret = security_task_kill(t, info, sig)))
 		goto out;
 
 	/* The null signal is a permissions and process existence probe.
===== kernel/sys.c 1.30 vs edited =====
--- 1.30/kernel/sys.c	Tue Oct 15 14:45:52 2002
+++ edited/kernel/sys.c	Wed Oct 16 00:33:50 2002
@@ -204,6 +204,7 @@
 cond_syscall(sys_quotactl)
 cond_syscall(sys_acct)
 cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_security)
 
 static int set_one_prio(struct task_struct *p, int niceval, int error)
 {
@@ -479,8 +480,7 @@
 	int new_egid = old_egid;
 	int retval;
 
-	retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
-	if (retval)
+	if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
 		return retval;
 
 	if (rgid != (gid_t) -1) {
@@ -525,8 +525,7 @@
 	int old_egid = current->egid;
 	int retval;
 
-	retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
-	if (retval)
+	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
 		return retval;
 
 	if (capable(CAP_SETGID))
@@ -599,8 +598,7 @@
 	int old_ruid, old_euid, old_suid, new_ruid, new_euid;
 	int retval;
 
-	retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
-	if (retval)
+	if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
 		return retval;
 
 	new_ruid = old_ruid = current->uid;
@@ -638,7 +636,7 @@
 		current->suid = current->euid;
 	current->fsuid = current->euid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
 }
 
 
@@ -660,8 +658,7 @@
 	int old_ruid, old_suid, new_ruid, new_suid;
 	int retval;
 
-	retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
-	if (retval)
+	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
 		return retval;
 
 	old_ruid = new_ruid = current->uid;
@@ -683,7 +680,7 @@
 	current->fsuid = current->euid = uid;
 	current->suid = new_suid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
 }
 
 
@@ -698,8 +695,7 @@
 	int old_suid = current->suid;
 	int retval;
 
-	retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
-	if (retval)
+	if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
 		return retval;
 
 	if (!capable(CAP_SETUID)) {
@@ -729,7 +725,7 @@
 	if (suid != (uid_t) -1)
 		current->suid = suid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
 }
 
 asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -750,8 +746,7 @@
 {
 	int retval;
 
-	retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
-	if (retval)
+	if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
 		return retval;
 
 	if (!capable(CAP_SETGID)) {
@@ -804,8 +799,7 @@
 	int old_fsuid;
 	int retval;
 
-	retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	old_fsuid = current->fsuid;
@@ -821,8 +815,7 @@
 		current->fsuid = uid;
 	}
 
-	retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	return old_fsuid;
@@ -836,8 +829,7 @@
 	int old_fsgid;
 	int retval;
 
-	retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	old_fsgid = current->fsgid;
@@ -962,8 +954,7 @@
 
 		retval = -ESRCH;
 		if (p) {
-			retval = security_ops->task_getpgid(p);
-			if (!retval)
+			if (!(retval = security_task_getpgid(p)))
 				retval = p->pgrp;
 		}
 		read_unlock(&tasklist_lock);
@@ -990,8 +981,7 @@
 
 		retval = -ESRCH;
 		if(p) {
-			retval = security_ops->task_getsid(p);
-			if (!retval)
+			if (!(retval = security_task_getsid(p)))
 				retval = p->session;
 		}
 		read_unlock(&tasklist_lock);
@@ -1072,8 +1062,7 @@
 		return -EINVAL;
 	if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
 		return -EFAULT;
-	retval = security_ops->task_setgroups(gidsetsize, groups);
-	if (retval)
+	if ((retval = security_task_setgroups(gidsetsize, groups)))
 		return retval;
 	memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
@@ -1236,8 +1225,7 @@
 			return -EPERM;
 	}
 
-	retval = security_ops->task_setrlimit(resource, &new_rlim);
-	if (retval)
+	if ((retval = security_task_setrlimit(resource, &new_rlim)))
 		return retval;
 
 	*old_rlim = new_rlim;
@@ -1311,8 +1299,7 @@
 	int error = 0;
 	int sig;
 
-	error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
-	if (error)
+	if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
 		return error;
 
 	switch (option) {
===== kernel/uid16.c 1.2 vs edited =====
--- 1.2/kernel/uid16.c	Fri Jul 19 16:00:55 2002
+++ edited/kernel/uid16.c	Wed Oct 16 00:30:43 2002
@@ -140,8 +140,7 @@
 		return -EFAULT;
 	for (i = 0 ; i < gidsetsize ; i++)
 		new_groups[i] = (gid_t)groups[i];
-	i = security_ops->task_setgroups(gidsetsize, new_groups);
-	if (i)
+	if ((i = security_task_setgroups(gidsetsize, new_groups)))
 		return i;
 	memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
===== mm/mmap.c 1.53 vs edited =====
--- 1.53/mm/mmap.c	Tue Oct 15 15:08:06 2002
+++ edited/mm/mmap.c	Wed Oct 16 00:36:48 2002
@@ -498,8 +498,7 @@
 		}
 	}
 
-	error = security_ops->file_mmap(file, prot, flags);
-	if (error)
+	if ((error = security_file_mmap(file, prot, flags)))
 		return error;
 		
 	/* Clear old maps */
===== mm/mprotect.c 1.19 vs edited =====
--- 1.19/mm/mprotect.c	Tue Oct  1 16:43:14 2002
+++ edited/mm/mprotect.c	Wed Oct 16 00:36:58 2002
@@ -262,8 +262,7 @@
 			goto out;
 		}
 
-		error = security_ops->file_mprotect(vma, prot);
-		if (error)
+		if ((error = security_file_mprotect(vma, prot)))
 			goto out;
 
 		if (vma->vm_end > end) {
===== net/core/scm.c 1.3 vs edited =====
--- 1.3/net/core/scm.c	Mon Jul 22 03:12:48 2002
+++ edited/net/core/scm.c	Wed Oct 16 00:41:37 2002
@@ -217,8 +217,7 @@
 	for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
 	{
 		int new_fd;
-		err = security_ops->file_receive(fp[i]);
-		if (err)
+		if ((err = security_file_receive(fp[i])))
 			break;
 		err = get_unused_fd();
 		if (err < 0)
===== net/decnet/af_decnet.c 1.18 vs edited =====
--- 1.18/net/decnet/af_decnet.c	Tue Oct  8 07:02:41 2002
+++ edited/net/decnet/af_decnet.c	Wed Oct 16 00:42:30 2002
@@ -113,6 +113,7 @@
 #include <linux/inet.h>
 #include <linux/route.h>
 #include <linux/netfilter.h>
+#include <linux/security.h>
 #include <net/sock.h>
 #include <net/tcp.h>
 #include <asm/system.h>
@@ -794,7 +795,7 @@
 	 * dn_prot_sock ? Would be nice if the capable call would go there
 	 * too.
 	 */
-	if (security_ops->dn_prot_sock(saddr) &&
+	if (security_dn_prot_sock(saddr) &&
 	    !capable(CAP_NET_BIND_SERVICE) || 
 	    saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
 		return -EACCES;
===== security/Config.in 1.3 vs edited =====
--- 1.3/security/Config.in	Sat Jul 20 12:05:09 2002
+++ edited/security/Config.in	Tue Oct 15 22:24:46 2002
@@ -3,5 +3,8 @@
 #
 mainmenu_option next_comment
 comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+   dep_tristate '  Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
 endmenu
===== security/Makefile 1.1 vs edited =====
--- 1.1/security/Makefile	Fri Jul 19 15:55:56 2002
+++ edited/security/Makefile	Wed Oct 16 11:28:47 2002
@@ -3,11 +3,15 @@
 #
 
 # Objects that export symbols
-export-objs	:= security.o
+export-objs	:= security.o capability.o
 
-# Object file lists
-obj-y		:= security.o dummy.o
+# if we don't select a security model, use the default capabilities
+ifneq ($(CONFIG_SECURITY),y)
+obj-y		+= capability.o
+endif
 
+# Object file lists
+obj-$(CONFIG_SECURITY)			+= security.o dummy.o
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= capability.o
 
 include $(TOPDIR)/Rules.make
===== security/capability.c 1.6 vs edited =====
--- 1.6/security/capability.c	Tue Oct  8 02:01:30 2002
+++ edited/security/capability.c	Wed Oct 16 11:30:04 2002
@@ -12,6 +12,7 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
+#include <linux/sched.h>
 #include <linux/security.h>
 #include <linux/file.h>
 #include <linux/mm.h>
@@ -19,10 +20,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 
-/* flag to keep track of how we were registered */
-static int secondary;
-
-static int cap_capable (struct task_struct *tsk, int cap)
+int cap_capable (struct task_struct *tsk, int cap)
 {
 	/* Derived from include/linux/sched.h:capable. */
 	if (cap_raised (tsk->cap_effective, cap))
@@ -31,23 +29,7 @@
 		return -EPERM;
 }
 
-static int cap_sys_security (unsigned int id, unsigned int call,
-			     unsigned long *args)
-{
-	return -ENOSYS;
-}
-
-static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
-{
-	return 0;
-}
-
-static int cap_quota_on (struct file *f)
-{
-	return 0;
-}
-
-static int cap_ptrace (struct task_struct *parent, struct task_struct *child)
+int cap_ptrace (struct task_struct *parent, struct task_struct *child)
 {
 	/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
 	if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
@@ -57,8 +39,8 @@
 		return 0;
 }
 
-static int cap_capget (struct task_struct *target, kernel_cap_t * effective,
-		       kernel_cap_t * inheritable, kernel_cap_t * permitted)
+int cap_capget (struct task_struct *target, kernel_cap_t *effective,
+		kernel_cap_t *inheritable, kernel_cap_t *permitted)
 {
 	/* Derived from kernel/capability.c:sys_capget. */
 	*effective = cap_t (target->cap_effective);
@@ -67,10 +49,8 @@
 	return 0;
 }
 
-static int cap_capset_check (struct task_struct *target,
-			     kernel_cap_t * effective,
-			     kernel_cap_t * inheritable,
-			     kernel_cap_t * permitted)
+int cap_capset_check (struct task_struct *target, kernel_cap_t *effective,
+		      kernel_cap_t *inheritable, kernel_cap_t *permitted)
 {
 	/* Derived from kernel/capability.c:sys_capset. */
 	/* verify restrictions on target's new Inheritable set */
@@ -95,27 +75,15 @@
 	return 0;
 }
 
-static void cap_capset_set (struct task_struct *target,
-			    kernel_cap_t * effective,
-			    kernel_cap_t * inheritable,
-			    kernel_cap_t * permitted)
+void cap_capset_set (struct task_struct *target, kernel_cap_t *effective,
+		     kernel_cap_t *inheritable, kernel_cap_t *permitted)
 {
 	target->cap_effective = *effective;
 	target->cap_inheritable = *inheritable;
 	target->cap_permitted = *permitted;
 }
 
-static int cap_acct (struct file *file)
-{
-	return 0;
-}
-
-static int cap_bprm_alloc_security (struct linux_binprm *bprm)
-{
-	return 0;
-}
-
-static int cap_bprm_set_security (struct linux_binprm *bprm)
+int cap_bprm_set_security (struct linux_binprm *bprm)
 {
 	/* Copied from fs/exec.c:prepare_binprm. */
 
@@ -143,23 +111,13 @@
 	return 0;
 }
 
-static int cap_bprm_check_security (struct linux_binprm *bprm)
-{
-	return 0;
-}
-
-static void cap_bprm_free_security (struct linux_binprm *bprm)
-{
-	return;
-}
-
 /* Copied from fs/exec.c */
 static inline int must_not_trace_exec (struct task_struct *p)
 {
 	return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP);
 }
 
-static void cap_bprm_compute_creds (struct linux_binprm *bprm)
+void cap_bprm_compute_creds (struct linux_binprm *bprm)
 {
 	/* Derived from fs/exec.c:compute_creds. */
 	kernel_cap_t new_permitted, working;
@@ -204,6 +162,160 @@
 	current->keep_capabilities = 0;
 }
 
+/* moved from kernel/sys.c. */
+/* 
+ * cap_emulate_setxuid() fixes the effective / permitted capabilities of
+ * a process after a call to setuid, setreuid, or setresuid.
+ *
+ *  1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
+ *  {r,e,s}uid != 0, the permitted and effective capabilities are
+ *  cleared.
+ *
+ *  2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
+ *  capabilities of the process are cleared.
+ *
+ *  3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
+ *  capabilities are set to the permitted capabilities.
+ *
+ *  fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should 
+ *  never happen.
+ *
+ *  -astor 
+ *
+ * cevans - New behaviour, Oct '99
+ * A process may, via prctl(), elect to keep its capabilities when it
+ * calls setuid() and switches away from uid==0. Both permitted and
+ * effective sets will be retained.
+ * Without this change, it was impossible for a daemon to drop only some
+ * of its privilege. The call to setuid(!=0) would drop all privileges!
+ * Keeping uid 0 is not an option because uid 0 owns too many vital
+ * files..
+ * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ */
+static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
+					int old_suid)
+{
+	if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
+	    (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+	    !current->keep_capabilities) {
+		cap_clear (current->cap_permitted);
+		cap_clear (current->cap_effective);
+	}
+	if (old_euid == 0 && current->euid != 0) {
+		cap_clear (current->cap_effective);
+	}
+	if (old_euid != 0 && current->euid == 0) {
+		current->cap_effective = current->cap_permitted;
+	}
+}
+
+int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
+			  int flags)
+{
+	switch (flags) {
+	case LSM_SETID_RE:
+	case LSM_SETID_ID:
+	case LSM_SETID_RES:
+		/* Copied from kernel/sys.c:setreuid/setuid/setresuid. */
+		if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+			cap_emulate_setxuid (old_ruid, old_euid, old_suid);
+		}
+		break;
+	case LSM_SETID_FS:
+		{
+			uid_t old_fsuid = old_ruid;
+
+			/* Copied from kernel/sys.c:setfsuid. */
+
+			/*
+			 * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
+			 *          if not, we might be a bit too harsh here.
+			 */
+
+			if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+				if (old_fsuid == 0 && current->fsuid != 0) {
+					cap_t (current->cap_effective) &=
+					    ~CAP_FS_MASK;
+				}
+				if (old_fsuid != 0 && current->fsuid == 0) {
+					cap_t (current->cap_effective) |=
+					    (cap_t (current->cap_permitted) &
+					     CAP_FS_MASK);
+				}
+			}
+			break;
+		}
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+void cap_task_kmod_set_label (void)
+{
+	cap_set_full (current->cap_effective);
+	return;
+}
+
+void cap_task_reparent_to_init (struct task_struct *p)
+{
+	p->cap_effective = CAP_INIT_EFF_SET;
+	p->cap_inheritable = CAP_INIT_INH_SET;
+	p->cap_permitted = CAP_FULL_SET;
+	p->keep_capabilities = 0;
+	return;
+}
+
+EXPORT_SYMBOL(cap_capable);
+EXPORT_SYMBOL(cap_ptrace);
+EXPORT_SYMBOL(cap_capget);
+EXPORT_SYMBOL(cap_capset_check);
+EXPORT_SYMBOL(cap_capset_set);
+EXPORT_SYMBOL(cap_bprm_set_security);
+EXPORT_SYMBOL(cap_bprm_compute_creds);
+EXPORT_SYMBOL(cap_task_post_setuid);
+EXPORT_SYMBOL(cap_task_kmod_set_label);
+EXPORT_SYMBOL(cap_task_reparent_to_init);
+
+#ifdef CONFIG_SECURITY
+
+static int cap_sys_security (unsigned int id, unsigned int call,
+			     unsigned long *args)
+{
+	return -ENOSYS;
+}
+
+static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+	return 0;
+}
+
+static int cap_quota_on (struct file *f)
+{
+	return 0;
+}
+
+static int cap_acct (struct file *file)
+{
+	return 0;
+}
+
+static int cap_bprm_alloc_security (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static int cap_bprm_check_security (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static void cap_bprm_free_security (struct linux_binprm *bprm)
+{
+	return;
+}
+
 static int cap_sb_alloc_security (struct super_block *sb)
 {
 	return 0;
@@ -512,96 +624,6 @@
 	return 0;
 }
 
-/* moved from kernel/sys.c. */
-/* 
- * cap_emulate_setxuid() fixes the effective / permitted capabilities of
- * a process after a call to setuid, setreuid, or setresuid.
- *
- *  1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
- *  {r,e,s}uid != 0, the permitted and effective capabilities are
- *  cleared.
- *
- *  2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
- *  capabilities of the process are cleared.
- *
- *  3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
- *  capabilities are set to the permitted capabilities.
- *
- *  fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should 
- *  never happen.
- *
- *  -astor 
- *
- * cevans - New behaviour, Oct '99
- * A process may, via prctl(), elect to keep its capabilities when it
- * calls setuid() and switches away from uid==0. Both permitted and
- * effective sets will be retained.
- * Without this change, it was impossible for a daemon to drop only some
- * of its privilege. The call to setuid(!=0) would drop all privileges!
- * Keeping uid 0 is not an option because uid 0 owns too many vital
- * files..
- * Thanks to Olaf Kirch and Peter Benie for spotting this.
- */
-static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
-					int old_suid)
-{
-	if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
-	    (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
-	    !current->keep_capabilities) {
-		cap_clear (current->cap_permitted);
-		cap_clear (current->cap_effective);
-	}
-	if (old_euid == 0 && current->euid != 0) {
-		cap_clear (current->cap_effective);
-	}
-	if (old_euid != 0 && current->euid == 0) {
-		current->cap_effective = current->cap_permitted;
-	}
-}
-
-static int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
-				 int flags)
-{
-	switch (flags) {
-	case LSM_SETID_RE:
-	case LSM_SETID_ID:
-	case LSM_SETID_RES:
-		/* Copied from kernel/sys.c:setreuid/setuid/setresuid. */
-		if (!issecure (SECURE_NO_SETUID_FIXUP)) {
-			cap_emulate_setxuid (old_ruid, old_euid, old_suid);
-		}
-		break;
-	case LSM_SETID_FS:
-		{
-			uid_t old_fsuid = old_ruid;
-
-			/* Copied from kernel/sys.c:setfsuid. */
-
-			/*
-			 * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
-			 *          if not, we might be a bit too harsh here.
-			 */
-
-			if (!issecure (SECURE_NO_SETUID_FIXUP)) {
-				if (old_fsuid == 0 && current->fsuid != 0) {
-					cap_t (current->cap_effective) &=
-					    ~CAP_FS_MASK;
-				}
-				if (old_fsuid != 0 && current->fsuid == 0) {
-					cap_t (current->cap_effective) |=
-					    (cap_t (current->cap_permitted) &
-					     CAP_FS_MASK);
-				}
-			}
-			break;
-		}
-	default:
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
 static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
 {
 	return 0;
@@ -664,21 +686,6 @@
 	return 0;
 }
 
-static void cap_task_kmod_set_label (void)
-{
-	cap_set_full (current->cap_effective);
-	return;
-}
-
-static void cap_task_reparent_to_init (struct task_struct *p)
-{
-	p->cap_effective = CAP_INIT_EFF_SET;
-	p->cap_inheritable = CAP_INIT_INH_SET;
-	p->cap_permitted = CAP_FULL_SET;
-	p->keep_capabilities = 0;
-	return;
-}
-
 static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
 {
 	return 0;
@@ -838,6 +845,10 @@
 #define MY_NAME "capability"
 #endif
 
+/* flag to keep track of how we were registered */
+static int secondary;
+
+
 static int __init capability_init (void)
 {
 	/* register ourselves with the security framework */
@@ -877,3 +888,5 @@
 
 MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
 MODULE_LICENSE("GPL");
+
+#endif	/* CONFIG_SECURITY */

Re: [RFC] change format of LSM hooks

[Greg KH]

On Wed, Oct 16, 2002 at 11:59:28AM -0700, Greg KH wrote:
> 
> Ok, here's a working version (I'm typing from it right now), with all of
> the capability logic working again.  This does make the
> security/built-in.o file this size with CONFIG_SECURITY=y
> 
>    text    data     bss     dec     hex filename
>    1611       0       0    1611     64b security/built-in.o

That should have said CONFIG_SECURITY=n

Sorry for any confusion.

greg k-h

Re: [RFC] change format of LSM hooks

[Rusty Russell]

On Tue, 15 Oct 2002 17:07:06 -0700
Greg KH <greg@kroah.com> wrote:

> On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> > On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > > 
> > > I will not even look at the networking LSM bits until
> > > CONFIG_SECURITY=n is available.
> > 
> > Good enough reason for me, I'll start working on this.  Help from the
> > other LSM developers is appreciated :)
> 
> Ok, this wasn't that tough...
> 
> Here's a first cut at what will need to be changed.  It's a patch
> against Linus's latest BK tree.  I only converted one hook (the ptrace
> one), and this will not link, but will build and gives people an idea of
> where I'm heading.
> 
> David, does something like this look acceptable?
> 
> With it, and CONFIG_SECURITY=n the size of the security/*.o files are
> now:
>    text    data     bss     dec     hex filename
>     138       0       0     138      8a security/built-in.o
> 
> which I hope are a bit more to your liking :)
> I still need an empty sys_security stub in order to link properly,
> that's the only function needed.  The extra #includes are needed as
> some files were getting security.h picked up from shed.h in the past.
> 
> I'll work on fixing up the rest of the hooks, and removing the external
> reference to security_ops, and actually test this thing, later this
> evening.
> 
> thanks,
> 
> greg k-h
> 
> diff -Naur -X ../dontdiff bleeding_edge-2.5/arch/i386/kernel/ptrace.c lsm-2.5/arch/i386/kernel/ptrace.c
> --- bleeding_edge-2.5/arch/i386/kernel/ptrace.c	Tue Oct 15 16:47:14 2002
> +++ lsm-2.5/arch/i386/kernel/ptrace.c	Tue Oct 15 16:41:44 2002
> @@ -160,8 +160,7 @@
>  		/* are we already being traced? */
>  		if (current->ptrace & PT_PTRACED)
>  			goto out;
> -		ret = security_ops->ptrace(current->parent, current);
> -		if (ret)
> +		if ((ret = security_ptrace(current->parent, current)))

Um, rather than one macro per security_ops function, how about:

#ifdef CONFIG_SECURITY
	#define security_call(func, default_ret, ...) \
		(security_ops->func(__VA_ARGS__))
#else
	#define security_call(func, default_ret, ...) \
		(default_ret)
#endif

This also allows someone in the future to do:

	#define security_call(func, default_ret, ...) \
		({ if (try_inc_mod_count(security_ops->owner))
			(security_ops->func(__VA_ARGS__));
		   else
			(default_ret);
		})

Of course, you could skip the default_ret arg, and use
#ifndef CONFIG_SECURITY
	#define security_call(func, ...) \
		(security_default_##func)
#endif

Then all the defaults can be in a header somewhere.

Cheers,
Rusty.
-- 
   there are those who do and those who hang on and you don't see too
   many doers quoting their contemporaries.  -- Larry McVoy

Re: [RFC] change format of LSM hooks

[Daniel Phillips]

On Thursday 17 October 2002 03:41, Rusty Russell wrote:
> This also allows someone in the future to do:
> 
> 	#define security_call(func, default_ret, ...) \
> 		({ if (try_inc_mod_count(security_ops->owner))
> 			(security_ops->func(__VA_ARGS__));
> 		   else
> 			(default_ret);
> 		})

Hopefully, dec_mod_count as well.

-- 
Daniel

Re: [RFC] change format of LSM hooks

[Christoph Hellwig]

On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> > On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > > 
> > > I will not even look at the networking LSM bits until
> > > CONFIG_SECURITY=n is available.

BTW, there's another big issues with LSM:  so far all those hook
have no user in a mergeable shape.  For all other additions
there is a strong need to present something mergable but LSM
doesn't.  IMHO we should require a pointer to a module in mergaable
shape (i.e. certainly not selinux) for each new hook addition.

Re: [RFC] change format of LSM hooks

[Greg KH]

On Thu, Oct 17, 2002 at 02:21:49PM +0100, Christoph Hellwig wrote:
> On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> > On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> > > On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > > > 
> > > > I will not even look at the networking LSM bits until
> > > > CONFIG_SECURITY=n is available.
> 
> BTW, there's another big issues with LSM:  so far all those hook
> have no user in a mergeable shape.  For all other additions
> there is a strong need to present something mergable but LSM
> doesn't.  IMHO we should require a pointer to a module in mergaable
> shape (i.e. certainly not selinux) for each new hook addition.

Heh, require this, and oops, all of the hooks disappear :)

Seriously, no, I don't agree with this.  SELinux is currently being
audited by a number of different companies (include some Linux distros),
and after that happens, and the code is cleaned up, I think they will
probably want their module merged (but I don't speak for them at all.)

As for the other modules, I think the OWL-based one is good enough right
now, and I have a very simple module that is in the November issue of
Linux Journal that is probably clean enough to merge.

thanks,

greg k-h

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Keith Owens]

On Tue, 15 Oct 2002 13:10:37 -0700 (PDT), 
"David S. Miller" <davem@redhat.com> wrote:
>   Yes, the size of the *.o files in the security directory can be shrunk a
>   bit:
>      text    data     bss     dec     hex filename
>      6765     776       8    7549    1d7d built-in.o
>      3280     392       4    3676     e5c capability.o
>      1772     384       0    2156     86c dummy.o
>      1713       0       4    1717     6b5 security.o
>   
>It's a whopping 32K on sparc64, and that is only counting
>the security/*.o objects.

<nitpick>
Double counting: built-in.o == (capability.o + dummy.o + security.o)
</nitpick>

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Keith Owens]

On Tue, 15 Oct 2002 13:10:37 -0700 (PDT), 
"David S. Miller" <davem@redhat.com> wrote:
>   Yes, the size of the *.o files in the security directory can be shrunk a
>   bit:
>      text    data     bss     dec     hex filename
>      6765     776       8    7549    1d7d built-in.o
>      3280     392       4    3676     e5c capability.o
>      1772     384       0    2156     86c dummy.o
>      1713       0       4    1717     6b5 security.o
>   
>It's a whopping 32K on sparc64, and that is only counting
>the security/*.o objects.

Pressed send too soon :(

<nitpick>
Double counting: built-in.o == (capability.o + dummy.o + security.o)

Also I suspect you double counted text+data+bss+dec, when dec =
(text+data+bss).  The real size of the *.o security files in the kernel
is 7549, not 32K.  Not that it makes any difference, there has to be a
way to make that size 0 when LSM is compiled off.
</nitpick>

Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)

[Greg KH]

On Sat, Oct 19, 2002 at 12:54:35PM +1000, Keith Owens wrote:
> Not that it makes any difference, there has to be a way to make that
> size 0 when LSM is compiled off.

Already done, see the patches sent to lkml yesterday :)

thanks,

greg k-h