Then stabilize your interface before going into production use. Why
should selinux (or lsm) get special treatment?
> Do we expect that SE Linux or other security system calls will be such a
> performance bottleneck that an extra switch or two will hurt?
It's not the performance issues, it's about getting a proper syscall table
instead of deep nesting without knowing what it actually does.
Look at e.g. the horrors of doing a proper 32->64bit translation
of those syscalls.
> Also it would mean that developmental projects would be more difficult.
Yes. In general you should avoid adding syscalls anyway. If we
wanted to make it easy we'd have created loadable syscalls from the very
beginning.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/