Disabling XACE Extension (and other code build) by default
Vignatti Tiago (Nokia-MS/Helsinki)
tiago.vignatti at nokia.com
Mon Jul 5 06:21:26 PDT 2010
On Sat, Jul 03, 2010 at 10:25:34PM +0200, ext Eamon Walsh wrote:
> On 06/21/2010 09:52 AM, Tiago Vignatti wrote:
> >
> > Last I remember, we want all possible build options set as on by default just
> > to be sure the code they enable still being able to build after general
> > changes. Is that correct?
> >
> > ---
> >
> > Apart from that, is there a reason to have XACE enabled by default without any
> > hook backend? This is how the server is being compiled now by default.
>
> As long as the in-tree security extensions are disabled by default I
> think it should be OK to disable XACE by default as well.
Thanks for the answer, Eamon.
So I disabled XACE here in my machine and now my static analyzer is accusing
~100 pieces of deadcode. That's because we have XaceHook everywhere and, when
disabling the extension, this function will always return Success which makes
the subsequent "if (rc != Success)" useless.
I took a look on the code and couldn't find a way to put this conditional
inside the XaceHook, when the extension is being used. Do you think there's an
easy way to do so? Do we really need to always check for value or this is just
a safety check? Or do you have an better idea?
Thank you,
Tiago
More information about the xorg-devel
mailing list