Subject: Re: Upcoming security model abstraction
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 09/05/2006 16:32:24
YAMAMOTO Takashi wrote:

> of course, my "overlay" won't pick up the file.

I think you are looking at the current (only) implementation of a
security model, bsd44, and base this statement on it alone. Once
we introduce (if any, again) somewhat more.. "complicated" security
models, this won't be possible without dividing the new model to
more files.

I think that in the longer term, the way we're doing it now will
prove cleaner.

>> __CONCAT() actually simplifies things by calling the "real"
>> model used.
> i know what it does.  i'd like to call it complicate.
> maybe it's a matter of taste...  i don't like inventing this unusual trick
> while it can be perfectly done with existing config facilities and normal C.

Maybe.. we'll need to use config facilities anyway for the model
dependencies anyway and I'm not yet sure how to do that. :/


Elad Efrat