Re: sys_setpriority error

From: Titus D. Winters (titusat_private)
Date: Thu May 31 2001 - 09:17:16 PDT

  • Next message: Chris Lundberg: "Re: sys_setpriority error"

    How about this:
    
    no_nice = security_ops->task_ops->setnice(p, niceval);
    if (p->uid != current->euid &&
            p->uid != current->uid && no_nice) {
    
    can become
    
    no_nice = security_ops->task_ops->setnice(p, niceval);
    if (no_nice) {
    
    And put all of the access control logic into the dummy functions.  Thus
    the LSM can then either be more or less restrictive, but the default will
    be just the same as the base kernel version.
    
    Extending this means that we move all of the places that the old capable()
    checks were into the dummies, and all the other hooks can still just
    return 0, or do a euid/uid check.  Then those of us that want the LSM to
    be more restrictive than the default can do that, those that want the
    capabilities style of being more permissive than the default can do that,
    and overall we have more functionality.
    
    -Titus
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu May 31 2001 - 09:18:34 PDT