Re: permissive vs. restrictive issue and solutions...

Previous message: jmjonesat_private: "Re: permissive vs. restrictive issue and solutions..."
In reply to: Stephen Smalley: "Re: permissive vs. restrictive issue and solutions..."
Next in thread: Chris Wright: "Re: permissive vs. restrictive issue and solutions..."
Next in thread: Titus D. Winters: "Re: permissive vs. restrictive issue and solutions..."
Reply: Chris Wright: "Re: permissive vs. restrictive issue and solutions..."
Reply: David Wagner: "Re: permissive vs. restrictive issue and solutions..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sdsat_private

On Tue, 5 Jun 2001, Stephen Smalley wrote:

> The capable() function remains
> as a stub that calls the LSM capable() hook (or, better, we
> use a script to globally replace all calls to capable() with a
> direct call to the hook).

Actually, we can avoid the trouble of even this kind of pervasive
change simply by restoring the capable() static inline function
in sched.h and then replacing its contents with a call to the
LSM capable hook.  That makes our patch even cleaner without
costing us anything.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module