LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: James Morris <jmorris@namei.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Ahmed S. Darwish" <darwish.07@gmail.com>,
sds@tycho.nsa.gov, casey@schaufler-ca.com, bunk@kernel.org,
chrisw@sous-sol.org, eparis@parisplace.org, adobriyan@sw.ru,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH -v5 -mm] LSM: Add security= boot parameter
Date: Thu, 6 Mar 2008 09:56:35 +1100 (EST) [thread overview]
Message-ID: <Xine.LNX.4.64.0803060951450.26999@us.intercode.com.au> (raw)
In-Reply-To: <20080305142948.3d391d84.akpm@linux-foundation.org>
On Wed, 5 Mar 2008, Andrew Morton wrote:
> > +/* Maximum number of letters for an LSM name string */
> > +#define SECURITY_NAME_MAX 10
>
> Is this long enough?
I almost flagged this earlier, but I don't think we've ever seen an LSM
with a longer name, and it can be expanded if needed. 32 or something
seems similarly arbitrary.
> Please remove this and use compile-time initialisation with DEFINE_SPINLOCK.
>
> Do we actually need the lock? This code is only called at boot-time if I
> understand it correctly?
Theoretically, security_module_enable() could be called at any time,
although it does seem unlikely never to be called at boot, especially if
multiple LSMs are compiled in.
In that case, perhaps mark the function as __init, and require it be
called only at boot time.
> Can chosen_lsm[] be __initdata?
With the above, yes.
> > +int security_module_enable(struct security_operations *ops)
> > +}
>
> I believe this can be __init.
Indeed :-)
- James
--
James Morris
<jmorris@namei.org>
prev parent reply other threads:[~2008-03-05 23:03 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-01 19:07 [RFC PATCH -mm] LSM: Add lsm= " Ahmed S. Darwish
2008-03-01 20:28 ` Casey Schaufler
2008-03-01 21:11 ` Adrian Bunk
2008-03-01 21:29 ` Casey Schaufler
2008-03-01 23:27 ` [PATCH -v2 -mm] LSM: Add security= " Ahmed S. Darwish
2008-03-02 3:41 ` Casey Schaufler
2008-03-02 7:55 ` Ahmed S. Darwish
2008-03-02 7:49 ` Ahmed S. Darwish
2008-03-02 10:59 ` [PATCH -v3 " Ahmed S. Darwish
2008-03-02 18:37 ` Casey Schaufler
2008-03-03 8:29 ` James Morris
2008-03-03 15:35 ` Ahmed S. Darwish
2008-03-03 15:54 ` Stephen Smalley
2008-03-03 21:24 ` [PATCH -v4 " Ahmed S. Darwish
2008-03-03 22:16 ` James Morris
2008-03-04 3:04 ` [PATCH -v5 " Ahmed S. Darwish
2008-03-04 4:07 ` James Morris
2008-03-05 22:29 ` Andrew Morton
2008-03-05 22:56 ` Ahmed S. Darwish
2008-03-05 23:06 ` Ahmed S. Darwish
2008-03-05 22:56 ` James Morris [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Xine.LNX.4.64.0803060951450.26999@us.intercode.com.au \
--to=jmorris@namei.org \
--cc=adobriyan@sw.ru \
--cc=akpm@linux-foundation.org \
--cc=bunk@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=chrisw@sous-sol.org \
--cc=darwish.07@gmail.com \
--cc=eparis@parisplace.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--subject='Re: [PATCH -v5 -mm] LSM: Add security= boot parameter' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).