On Fri, 03 Aug 2001 12:38:25 EDT, Stephen Smalley said: > I think you're taking Linus' statements out of context. By "policy", > I think he was referring back to his statement about "uid==0" vs. > capabilities vs. TE vs. MLS... Again, this is not about the existing > kernel DAC logic. What Linus said in the next paragraph (if Crispin Cowan cited him correctly: > and then just have a opaque per-security-model security ID thing scattered > around in critical places (the obvious being the thread structure, files, > directory cache, inodes, etc). And instead of having _any_ policy at all, > the kernel would just call the security procedure. Which might choose to > fail (-EFASCIST) or might choose to return success but silently downgrade > the security of the process that does the action, or whatever. "the kernel would just call the security procedure". That *certainly* sounds like he'd be at least willing to *consider* moving *all* the current euid==0/capability/etc checking off into a module. By *my* reading, Linus is at least open to moving it *all* off to authoritative hooks. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 09:47:32 PDT