Crispin Cowan wrote: > > The current discussion of future LSM modules has been capabilities. > > Not exclusively capabilities. We believe we can get SubDomain and CryptoMark (WireX > products) to work with the same or very similar hooks to those needed for > Capabilities. We further conjecture that LIDS and Janus, providing similar > functionality to SubDomain, can also be made to work with this modest set of hooks. > > > Is there > > anyone on the list from the Extended Attributes and ACL project? > > We would like there to be :-) My chat over the weekend about extended attributes > pertains directly to projects like ACL. However, my design philosophy here is to *not* > include something unless someone with a module and serious intent to use the LSM steps > forward and says "I need <foo hook>" and presents a solid case for why it can't be done > with the existing hooks. Note, capabilities (as defined by the POSIX.1e document) require something method of storing capabilities in association with files. The patches that I've written, as part of the linux-privs project, make use of these same Extended Attributes. When you say you are committed to supporting POSIX.1e capabilities, are you saying to supporting the capability functionality that the kernel currently supports, or "the POSIX.1e" capabilities? Thanks Andrew _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 14:45:50 PDT