Hi guys,
The mailing list seems like the wrong place to email but i don't know
what to do about the error i'm geting from the bitkeeper tree:
matt:/net/home/matt(11)> bk clone bk://lsm.immunix.org:5555 lsm
ERROR-Lock fail: possible permission problem.
In responce to the "permissive vs. restrictive issue and ..." message
about ptrace, my answer to the problem when i ran into it was to just
overload capablity() and do the perm check there.
My code is messy for right now and i plan to move my project(kip.sf.net)
over to the LSM as soon as possible:
static inline int capable(int cap)
{
/* Don't allow ptrace of special apps. */
if (current->cap_special && CAP_SYS_PTRACE == cap && !cyl_cap_stdvune())
return 0;
if (CAP_SYS_MODULE == cap && !cyl_cap_stdvune())
return 0;
if (CAP_SYS_BOOT == cap && !cyl_cap_stdvune())
return 0;
if (CAP_SYS_RAWIO == cap && !cyl_cap_stdvune())
return 0;
...
}
Instead of if statement you could use an index into a function table or
such. or use funky macro tricks to clean up the overall code (a little
messy in the background details tho').
Anyway, help with the bitkeeper tree would be much appriciated.
--matt wimer
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 17:23:23 PDT