* Greg KH (gregat_private) wrote: > Here's an updated patch. It contains much work by Chris to push the > capabilities logic into a module (I'll let him explain it some more.) This was my first attempt at pushing capabilities into it's own module. this has helped flush out the interface a bit. it was good to see that some of Stephen Smalley's requests were met by this first push ;-) the module has some implementation in it, but it is no where near complete. everything compiles (so it must work ;-). A couple of issues: 1) iirc, the task_struct, binprm struct, and netlink_skb_parms all carry kernel_cap_t so these will get opaque security blobs. this means dynamic allocation of the blob, needs optimization... 2) how to share this module and something else that i can't remember right now...see my response to Stephen Smalley for more details on the work (or the patch itself ;-) -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 19:43:44 PDT