* David Wagner (dawat_private) wrote: > Stephen Smalley wrote: > >3) In some cases, we may add other LSM hooks to operations that are > >already authoritatively controlled by capable() in order to > >provide finer-grained distinctions than are possible with the > >capable() calls. But we try to leverage the existing capable() calls > >to the greatest extent possible, only introducing these finer-grained > >hooks where we have a clear argument that the capable() call is > >inadequate. > > I'm not too certain about this one. How often is capable() used > authoritatively? My impression is that capable() is usually used > in contexts where it is permissive rather than authoratitive---am > I wrong? My Super Advanced Grep Teet (TM) shows capable being called ~550 times. In ~410 cases, the calls are "authoritative." In this context, that means ~410 calls are not embedded with any other access control logic. -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 11:03:25 PDT