Re: permissive vs. restrictive issue and solutions...

From: Chris Wright (chrisat_private)
Date: Thu Jun 07 2001 - 09:45:14 PDT

  • Next message: Chris Wright: "module's use of security_ops"

    * Stephen Smalley (sdsat_private) wrote:
    > 
    > On Tue, 5 Jun 2001, Chris Wright wrote:
    > 
    > > as a minor nitpick... making a static inline function in sched.h that
    > > calls security_ops->capable() will not work without fully exporting
    > > the security_ops structure (there are _many_ calls to capable() in
    > > drivers/modules).  in lieu of exporting the security_ops structure to
    > > modules, we _can_ (and do) export a function capable() (neither static
    > > nor inline) that calls security_ops->capable().
    > 
    > Isn't this also applicable to compute_creds?  What about binary format
    > implementations that exist as modules and need to call compute_creds?
    > Don't you need to keep an exported compute_creds function that 
    > calls security_ops->bprm_ops->compute_creds?  That would also
    > allow you to revert your changes to the various compute_creds
    > calls.
    
    Yes, you are right.  Thanks for pointing this out.  I will revert the
    changes.
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 09:49:28 PDT