* Stephen Smalley (sdsat_private) wrote: > > I've attached a patch that addresses a few of my earlier comments > and some other items. Specifically, it implements additional calls to the > ptrace hook in the ptrace system call (in the non-TRACEME case) and for > attempts to access /proc/PID/mem files. It also relocates the > call to the setattr hook so that it is always invoked, even > if the inode does not define its own setattr operation. It > adds a s_security field to struct super_block for file system > security attributes. Finally, it adds security.o to the export-objs > in the kernel Makefile so that register_security and unregister_security > are properly exported for modules. Stephen, thanks for the patch. I've incorporated all your changes. I'd still like to get cap_issubset and capable out of ptrace.c, but one step at a time ;-) The super_block blob is in there, but I didn't update the security interface much (just added a super_block_security_ops struct with (alloc_|free_)security. What did you have in mind for the security checks? Just the super_operations stuff? The dquot_operations also? -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 09 2001 - 18:36:36 PDT