Re: Problems with some of the current hooks

From: Stephen Smalley (sdsat_private)
Date: Mon Aug 06 2001 - 10:03:33 PDT

  • Next message: Stephen Smalley: "Re: Making forward progress"

    On Fri, 3 Aug 2001, Greg KH wrote:
    > Hm, inserting syscalls isn't the cleanest thing to do (let alone very
    > portable from what I have been told.)  I think we need to think about
    > this one some more.
    Ok, so what parts of capget and capset would you expect to migrate
    into the capability plug?  It seems like almost all of the 
    implementation of these two system calls needs to be moved,
    including the access control checking and the functional logic.
    This seems especially necessary if we move the capability bits into
    the security blobs.   I would think that each of these two system calls
    would be reduced to copying in parameters, calling a hook, and then 
    copying out parameters.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 10:05:27 PDT