Re: Capability tests in netlink and oom_kill

From: Chris Wright (chrisat_private)
Date: Tue Aug 21 2001 - 12:13:25 PDT

    * Stephen Smalley (sdsat_private) wrote:
    > 
    > Other modules are free to use the skb security field if they wish
    > to store other information, but there is no requirement to do so.
    > Modules can follow the same approach as the dummy module (i.e.
    > check the sending process's attributes in netlink_send and only
    > set CAP_NET_ADMIN in eff_cap if the process is authorized).  This
    > avoids any dependency on the skb security field for this change.
    
    this seems better.  a long time ago, we removed the eff_cap field,
    but we wound up returning all kernel_cap_t fields to structs in an
    attempt to support simple composition with the capabilities module
    (as an exception).  this was basically in accordance with suggestions
    linus made.
    
    -chris
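
An added illustration, not part of the original message and not code from the LSM project: a userspace C model of the approach described in the quoted text, where the decision is made against the sending process in netlink_send and recorded in eff_cap, and the receiver checks only that recorded value. The struct layouts, the `strict_*` hook, the `policy_allows_netlink` flag and the uid 0 test in the dummy-style hook are assumptions made for the example; only `netlink_send`, `eff_cap` and `CAP_NET_ADMIN` come from the thread.

```c
/* Userspace model (not kernel code) of send-time capability stamping. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_ADMIN 12                    /* Linux capability number */
#define CAP_MASK(c)   (UINT32_C(1) << (c))

/* Hypothetical stand-ins for the sending process and the netlink message. */
struct task { int uid; uint32_t cap_effective; bool policy_allows_netlink; };
struct msg  { uint32_t eff_cap; };

typedef void (*netlink_send_hook)(const struct task *sender, struct msg *m);

/* Dummy-style hook (assumed superuser test on the sending process). */
static void dummy_netlink_send(const struct task *sender, struct msg *m)
{
    m->eff_cap = (sender->uid == 0) ? CAP_MASK(CAP_NET_ADMIN) : 0;
}

/* Hypothetical stricter module: capability AND its own policy must agree. */
static void strict_netlink_send(const struct task *sender, struct msg *m)
{
    bool ok = (sender->cap_effective & CAP_MASK(CAP_NET_ADMIN)) &&
              sender->policy_allows_netlink;
    m->eff_cap = ok ? CAP_MASK(CAP_NET_ADMIN) : 0;
}

/* Receive side: looks only at what was stamped on the message at send
 * time, never at whichever task is running when the message is handled. */
static bool receiver_accepts(const struct msg *m)
{
    return (m->eff_cap & CAP_MASK(CAP_NET_ADMIN)) != 0;
}

static bool deliver(netlink_send_hook hook, const struct task *sender)
{
    struct msg m = { 0 };
    hook(sender, &m);                       /* decision made in sender context */
    return receiver_accepts(&m);            /* enforced later, in any context */
}

int main(void)
{
    /* Constructed sample senders. */
    struct task root_confined = { 0, CAP_MASK(CAP_NET_ADMIN), false };
    struct task user = { 1000, 0, true };
    printf("dummy/root=%d strict/root_confined=%d dummy/user=%d\n",
           deliver(dummy_netlink_send, &root_confined),
           deliver(strict_netlink_send, &root_confined),
           deliver(dummy_netlink_send, &user));
    return 0;
}
```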
    



    This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 12:21:03 PDT