On Fri, 3 Aug 2001 Valdis.Kletnieksat_private wrote:

> That *certainly* sounds like he'd be at least willing to *consider* moving
> *all* the current euid==0/capability/etc checking off into a module.
>
> By *my* reading, Linus is at least open to moving it *all* off to authoritative
> hooks.

Again, euid==0 vs. capabilities is NOT the same as the DAC logic. It relates to the ability to move the capabilities implementation out of the base kernel and make it optional, with the alternative being the traditional superuser tests. That is exactly what LSM is doing.

Keep in mind that Linus' comments were a response to the presentation of SELinux at the Linux Kernel Summit. The focus was on adding support for implementing additional access control schemes like MLS, TE, and RBAC, not on replacing the base DAC logic.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module