Re: Making forward progress

From: Stephen Smalley (sdsat_private)
Date: Mon Aug 06 2001 - 11:34:15 PDT

  • Next message: Crispin Cowan: "Re: Making forward progress"

    On Mon, 6 Aug 2001 jmjonesat_private wrote:
    > My concern is that there are many people working within the
    > "restrictive_only", priority in-kernel assumption right now.  That
    > assumption will have subtle consequences that may later cause us concern,
    > or encumber other "flavors" of authoritative hooks. 
    Well, actually, LSM doesn't limit you to this assumption even in
    its current form.  As I said in a previous message to Casey
    in a message on this thread, a module can override the existing DAC 
    logic entirely by using the capable hook, and can then define
    its own arbitrary logic via the other hook functions.  
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:36:40 PDT