Re: Making forward progress

From: Stephen Smalley (sdsat_private)
Date: Fri Aug 03 2001 - 09:58:44 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: Making forward progress"

    On Fri, 3 Aug 2001 Valdis.Kletnieksat_private wrote:
    > That *certainly* sounds like he'd be at least willing to *consider* moving
    > *all* the current euid==0/capability/etc checking off into a module.
    > By *my* reading, Linus is at least open to moving it *all* off to authoritative
    > hooks.
    Again, euid==0 vs. capabilities is NOT the same as the DAC logic.
    It relates to the ability to move the capabilities implementation
    out of the base kernel and make it optional, with the alternative
    being the traditional superuser tests.  That is exactly what LSM
    is doing.  
    Keep in mind that Linus' comments were a response to the
    presentation of SELinux at the Linux Kernel Summit.  The
    focus was on adding support for implementing additional access
    control schemes like MLS, TE, and RBAC, not on replacing the base 
    DAC logic.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 09:59:30 PDT