Re: [PATCH] selinux: wrap global selinux state

On 2/16/2018 10:40 AM, Paul Moore wrote:
> On Fri, Feb 16, 2018 at 12:44 PM, Casey Schaufler
> <casey@xxxxxxxxxxxxxxxx> wrote:
>> On 2/16/2018 9:19 AM, Stephen Smalley wrote:
>>> Define a selinux state structure (struct selinux_state) for
>>> global SELinux state and pass it explicitly to all security server
>>> functions.
>> If you're already changing the security server APIs
>> wholesale it would be delightful if you could change the
>> prefix used from "security_" to something that doesn't
>> clash with the LSM infrastructure. It might seem cosmetic
>> if you're working inside SELinux, but over the past few
>> years while I've been working on the LSM stacking the
>> clash has driven me batty on multiple occasions. I have
>> discussed this with Paul in the past, and he wasn't eager
>> to take patches that were just name changes. I certainly
>> see that position. But, since you're changing the APIs
>> anyway, there won't be a better time to do this. I'm
>> batty enough as it is.
> Yes, there is a better time to change this, and it's the same time as
> when we last talked about it.  We can look at changing the functions
> when we tackle the bigger issue of (re)examining the boundary between
> the SELinux LSM hooks and the SELinux security server.

I'm not convinced. Recent discussions on this list indicate that
isn't going to happen, that the existing boundary is here to stay.
It also may not result in changing *all* the interfaces, like this
one does. It seems convenient to do it now. Thought I'd ask.




