David Wagner wrote:
>
> First, one quibble: This is not about the order of MAC and DAC,
> but rather about in-module checks vs. in-kernel checks.

In the end, I believe that's a reasonable conclusion.

> So, let me propose a possible compromise solution. Has anyone
> thought about doing something like the following?
>
> int rv = 0;
> if (... in-kernel check fails...)
>     rv = -EPERM;
> rv = security_ops->hook(rv, ...);
> if (rv < 0)
>     return rv;
>
> This way, the module gets to see both whether the in-kernel checks
> succeeded or not and whether the in-module checks succeeded or not,
> and then the module can set the policy on which is to take priority.

If you assume that the in-kernel checks never have side-effects
this could work, but would definitely be less than optimal. I really
don't want to do a DAC check if I've failed MAC.

-- 
Casey Schaufler
Manager, Trust Technology, SGI
caseyat_private voice: 650.933.1634
casey_pat_private Pager: 888.220.0607

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 16:18:27 PDT
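The compromise hook signature quoted in the message, beside the MAC-first ordering Schaufler says he wants, modelled in user space as an added example (this is not code from the thread or from the LSM project; `dac_check`, `mac_check`, `module_hook`, the `struct cred`/`struct object` fields and the side-effect counter are hypothetical stand-ins for the in-kernel check and `security_ops->hook()`). The counter makes the side-effect point concrete: with the kernel check run first, the DAC path always executes even when MAC has already decided to deny.

```c
/* Added example, not code from the linux-security-module thread or the LSM
 * project. User-space model of two ways to order an in-kernel (DAC) check
 * and an in-module (MAC) check. All names below are hypothetical. */
#include <errno.h>
#include <stdio.h>

/* Constructed subject and object attributes for the model. */
struct cred { int uid; int label; };
struct object { int owner; int mode_other_readable; int label; };

/* Hypothetical side effect of the in-kernel path (think audit record or
 * cache update). It is counted so each ordering shows when it fires. */
static int dac_side_effects = 0;

/* In-kernel discretionary check: the owner is always allowed, anyone
 * else needs the "other readable" bit. */
static int dac_check(const struct cred *c, const struct object *o)
{
    dac_side_effects++;                 /* fires on every call, pass or fail */
    if (c->uid == o->owner || o->mode_other_readable)
        return 0;
    return -EACCES;
}

/* Mandatory check done by the module: labels must match (no dominance). */
static int mac_check(const struct cred *c, const struct object *o)
{
    return c->label == o->label ? 0 : -EPERM;
}

/* The proposed hook shape: the module receives the kernel's verdict `rv`
 * and sets the policy on which result wins. This policy lets a MAC
 * failure override the kernel result and otherwise defers to it. */
static int module_hook(int rv, const struct cred *c, const struct object *o)
{
    int mac = mac_check(c, o);
    if (mac < 0)
        return mac;
    return rv;
}

/* Ordering A, as quoted: kernel check first, then hand rv to the module.
 * The DAC check and its side effect run regardless of the MAC outcome. */
static int access_kernel_first(const struct cred *c, const struct object *o)
{
    int rv = 0;
    if (dac_check(c, o) < 0)
        rv = -EPERM;
    rv = module_hook(rv, c, o);
    return rv;
}

/* Ordering B, the one the reply asks for: consult MAC first and skip the
 * DAC check entirely once MAC has denied, so no DAC side effect occurs. */
static int access_mac_first(const struct cred *c, const struct object *o)
{
    int rv = mac_check(c, o);
    if (rv < 0)
        return rv;
    if (dac_check(c, o) < 0)
        return -EPERM;
    return 0;
}

/* Run one ordering on a scenario; returns the decision and reports how
 * many times the DAC side effect fired through *effects. */
static int run_scenario(int (*fn)(const struct cred *, const struct object *),
                        const struct cred *c, const struct object *o, int *effects)
{
    dac_side_effects = 0;
    int rv = fn(c, o);
    *effects = dac_side_effects;
    return rv;
}

int main(void)
{
    /* Constructed case: a non-owner on a world-readable object whose label
     * does not match, so DAC would allow but MAC denies. */
    struct cred alice = { .uid = 1000, .label = 1 };
    struct object secret = { .owner = 0, .mode_other_readable = 1, .label = 2 };
    int eff;

    int a = run_scenario(access_kernel_first, &alice, &secret, &eff);
    printf("kernel-first: rv=%d, dac side effects=%d\n", a, eff);  /* -1, 1 */
    int b = run_scenario(access_mac_first, &alice, &secret, &eff);
    printf("mac-first:    rv=%d, dac side effects=%d\n", b, eff);  /* -1, 0 */
    return 0;
}
```

Both orderings reach the same decision, so the difference is only visible through the side-effect counter: ordering A runs the DAC check once for a request MAC was always going to refuse, ordering B runs it zero times. That is the "less than optimal" cost the reply refers to, and it only matters if the in-kernel check does something observable beyond returning a value.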