Greg KH wrote: > On Wed, Jul 18, 2001 at 06:58:18PM -0700, Crispin Cowan wrote: > > > > Your private e-mail seemed to mis-understand the SubDomain security model. > > Yes, the absolute path name is the be-al and end-all that we need. What you > > outlined is an appropriate model for an ACL (access control list) model, but > > SubDomain is the dual of that. > > I'm not going to continue the SubDomain specific discussion on this > list, as it's off-topic. I think that it is on-topic, because it is discussing a feature of LSM that used to be there, and was removed. Removing that feature breaks SubDomain (we think). I also disbelieve that it is SubDomain-specific, because I expect SGI and LIDS to have similar problems. > If you find that you need to add another hook to the current LSM > interface to support your security module project, please present it and > everyone can evaluate it, like any other security module project can > (and should) do. That is precisely why I started this thread: we think we need that feature back again, and we're arguing for it. We'd be happy to be proven wrong, if someone can show us a pragmatic way to reconstruct the path name that the process tried to access. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 12:24:02 PDT