On Tue, 12 Jun 2001, Greg KH wrote:

> One of the explicit requirements to get LSM into the kernel was to have
> the ability to make capabilities be a module. This allows the embedded
> people to completely remove capabilities, as they really want this. I
> don't think we can ignore this, no matter how much of a pain in the butt
> it is :)

I'm not averse to moving the capabilities logic into a module, although I'm not convinced that it is a hard requirement - the NSA folks have a different recollection of what was said at the Linux Kernel Summit, and Linus' email doesn't seem to impose it as a hard requirement.

But I would like to see the migration of the capabilities logic done in a more minimal and cleaner way than the current LSM patch, as I've previously proposed (e.g. leave existing capable and compute_creds calls untouched, separate the capability-specific logic out of ptrace, compute_creds, and set*id, leaving the base logic in place). I particularly want to ensure that the base LSM kernel provides reasonable Unix DAC + superuser security behavior without any security modules, which isn't the case with the current LSM patch.

It also isn't clear as to whether we need to move the capability bits from the task_struct and the linux_binprm into the security blobs - Linus' email also seems to leave that door open to permit easy composition of other modules with capabilities.

> What other changes (besides the elf header change) did you see that was
> left over from Immunix changes, or were irrelevant? I thought I got all
> of those out :)

There is also a sysctl_codomain declaration in include/linux/sysctl.h.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private