Re: sys_setpriority error

• Previous message: Stephen Smalley: "Re: Assurance, permissiveness, and restriction"
• Next in thread: Chris Wright: "Re: sys_setpriority error"
• Reply: Chris Wright: "Re: sys_setpriority error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 31 May 2001, Chris Wright wrote:

> I totally agree that this should be consistent.  The problem is that
> capabilities is fundamentally about overriding restrictions (at least that's
> my read of the P1003.1e draft).  Perhaps the changes to capable() calls
> should be reverted, and the hooks (like setnice()) should be placed apart
> from other authorization criteria to give the module authoritative control.

My vote is for this approach.  

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private





_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Casey Schaufler: "Re: Assurance, permissiveness, and restriction"
• Previous message: Stephen Smalley: "Re: Assurance, permissiveness, and restriction"
• Next in thread: Chris Wright: "Re: sys_setpriority error"
• Reply: Chris Wright: "Re: sys_setpriority error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 11:18:24 PDT