On Mon, 6 Aug 2001 jmjonesat_private wrote: > My concern is that there are many people working within the > "restrictive_only", priority in-kernel assumption right now. That > assumption will have subtle consequences that may later cause us concern, > or encumber other "flavors" of authoritative hooks. Well, actually, LSM doesn't limit you to this assumption even in its current form. As I said in a previous message to Casey in a message on this thread, a module can override the existing DAC logic entirely by using the capable hook, and can then define its own arbitrary logic via the other hook functions. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:36:40 PDT