Re: Capability tests in netlink and oom_kill

• Previous message: Evan Sarmiento: "Re: FreeBSD hooks"
• In reply to: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Next in thread: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Next in thread: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Reply: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Stephen Smalley (sdsat_private) wrote:
> 
> Other modules are free to use the skb security field if they wish
> to store other information, but there is no requirement to do so.
> Modules can follow the same approach as the dummy module (i.e.
> check the sending process's attributes in netlink_send and only
> set CAP_NET_ADMIN in eff_cap if the process is authorized).  This
> avoids any dependency on the skb security field for this change.

this seems better.  a long time ago, we removed the eff_cap field,
but we wound up returning all kernel_cap_t fields to structs in an
attempt to support simple composition with the capabilities module
(as an exception).  this was basically in accordance with suggestions
linus made.

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Previous message: Evan Sarmiento: "Re: FreeBSD hooks"
• In reply to: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Next in thread: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Next in thread: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Reply: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 12:21:03 PDT