[redhat-lspp] LSPP work items

[James Morris]

On Thu, 6 Oct 2005, David Howells wrote:

> James Morris <jmorris at redhat.com> wrote:
> 
> > Not sure how feasible or useful it would be to add a boot parameter for 
> > the key subsystem -- it introduces a system call, for example.
> 
> That could be done reasonably easily I think; it'd just slow things down a
> touch.
> 
> The three system calls and many of the interface functions would have to
> detect the fact that the key management code is disabled and return an
> appropriate error just in case something tried to use them.

Note that boot params are not viable on all architectures (s390?), so to 
make this certifiable across all architectures, this would need to be a 
runtime disable (during early userspace), which we've had to do with 
SELinux.


- James
-- 
James Morris
<jmorris at redhat.com>