Re: Assurance, permissiveness, and restriction

Previous message: Stephen Smalley: "Re: Assurance, permissiveness, and restriction"
In reply to: Casey Schaufler: "Re: Assurance, permissiveness, and restriction"
Next in thread: Chris Wright: "Re: Assurance, permissiveness, and restriction"
Next in thread: Titus D. Winters: "Re: Assurance, permissiveness, and restriction"
Next in thread: jmjonesat_private: "Re: Assurance, permissiveness, and restriction"
Reply: Chris Wright: "Re: Assurance, permissiveness, and restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sdsat_private

On Mon, 4 Jun 2001, Casey Schaufler wrote:

> I guess that's my point. Sure, you can kludge it up
> so that it sorta works the way you'd like in this case,
> but it sure ain't generally useful.

I'm merely limited by the existing capable() interface,
which doesn't pass object information for relevant objects.
Of course, we could propose extending the capable() interface
(thereby allowing our capable hook to also pass object
information, thereby allowing our modules to implement
the kind of functionality I would like).  But that seems
like something that should be pursued separately and
not something that we should depend on for LSM.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module