* Andrew Morgan (morganat_private) [010416 21:45]:
> Note, capabilities (as defined by the POSIX.1e document) require
> some method of storing capabilities in association with files. The
> patches that I've written, as part of the linux-privs project, make use
> of these same Extended Attributes.
>
> When you say you are committed to supporting POSIX.1e capabilities, are
> you saying to supporting the capability functionality that the kernel
> currently supports, or "the POSIX.1e" capabilities?

Without putting words in Crispin's mouth I understood that he is
committed to support POSIX.1e capabilities (whether the spec or what
is currently in the kernel) within the framework of a security module
API that allows interested modules to interpose themselves during security
relevant events.

That does not mean the API will provide every possible service a security
module may need, such as the storage of state. While a generic API for
state storage would be a plus, it's independent of the API being proposed
here (although the same folks may wish to work on it).

For example, I can foresee a security module that sends its access
control decisions, and maintains state, in a central authorization server
available via the network. That does not mean we need to include a
network authorization API on the work this group is proposing to
accomplish.

> Thanks
>
> Andrew

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 15:06:49 PDT