On Fri, Feb 16, 2018 at 12:44 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 2/16/2018 9:19 AM, Stephen Smalley wrote: >> Define a selinux state structure (struct selinux_state) for >> global SELinux state and pass it explicitly to all security server >> functions. > > If you're already changing the security server APIs > wholesale it would be delightful if you could change the > prefix used from "security_" to something that doesn't > clash with the LSM infrastructure. It might seem cosmetic > if you're working inside SELinux, but over the past few > years while I've been working on the LSM stacking the > clash has driven me batty on multiple occasions. I have > discussed this with Paul in the past, and he wasn't eager > to take patches that were just name changes. I certainly > see that position. But, since you're changing the APIs > anyway, there won't be a better time to do this. I'm > batty enough as it is. Yes, there is a better time to change this, and it's the same time as when we last talked about it. We can look at changing the functions when we tackle the bigger issue of (re)examining the boundary between the SELinux LSM hooks and the SELinux security server. -- paul moore www.paul-moore.com
