> YAMAMOTO Takashi wrote:
> 
> >> Perhaps it's a good time to introduce said scope, and add an action
> >> to indicate whether the NFS optimization can take place. Would that
> >> work for you?
> > 
> > i'm not sure what you mean by "an action to indicate whether the
> > NFS optimization can take place."
> > do you mean to make nfs call kauth_authorize_foo with the action?
> 
> Yes, but that call will only be made if Veriexec is compiled in.
> 
> >> The only thing I'm wondering about is what the kernel would do in
> >> case Veriexec is not even compiled in... maybe just put in weak-aliased
> >> stubs (similar to secmodel_start() in kern/init_main.c).
> >>
> >> (perhaps having a file that is always compiled and contains weak-aliased
> >> always-allow stubs for when conditionally compiled in scopes are not
> >> compiled in is appropriate? :)
> > 
> > i don't understand how it matters.
> > do you mean a very veriexec specific scope which doesn't make sense at all
> > unless veriexec is compiled in?
> 
> Yes.
> 
> -e.

how is it different from #ifdef VERIEXEC?

YAMAMOTO Takashi