On Thu, Jul 19, 2007 at 09:54:30AM -0700, Arjan van de Ven wrote: > the next step after this patch is to have an option to get rid of all > the function pointer chasing (which is expensive) for the case where you > know you only want one security module (which you then can turn on or > off)... that advantage is a performance gain for a lot of people....
I'm pretty sure that at least the security_ops function pointers could be
resolved statically with some proprocessor trickery right now.
E.g. define macros for the security_* hooks in the single security module that
is configured statically and include those defines in security.h instead
of the prototypes for the inline functions. Am I missing something?
If a distribution enables such an option there is no way to load a
security module, true. This is what we have right now if the distro disables
loadable module support or disables security modules.
regards Christian
signature.asc
Description: Digital signature
