On Tue, 4 Sep 2001, David Wheeler wrote:

> So far, no one's shown a way for SGI to meet their needs using
> restrictive-only hooks. jmjones' desires aren't met either.

That isn't entirely true. I've previously noted that SGI (or anyone else) is free to use the existing capable hook to override the kernel DAC logic and can then implement any arbitrary logic it wants using the restrictive hooks. In particular, for SGI, the restrictive hook could perform the MAC check first and return a MAC error code if it fails, then recompute and return (and optionally audit) the DAC decision. Chris Wright has even suggested that SGI may be able to avoid recomputing the DAC decision by saving state when the capable hook is called, since it is only called when DAC fails.

So, strictly speaking, the authoritative hooks don't provide any greater generality than the current hooks. And they do impose a cost in terms of the complexity and size of the patch, with potential ramifications for the acceptance of the patch by the kernel developers.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 06:33:26 PDT
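
The composition described in the message above, as an added example that is not part of the original post or of the LSM patch: a userspace C model in which the capable hook overrides a failed DAC check and saves that fact, and the restrictive hook then applies MAC first and returns the saved DAC decision. Every function name, the struct fields, the owner-only DAC rule, the level-dominance MAC rule and the use of EPERM as the MAC error code are assumptions made for illustration.

```c
/* Userspace model only; not kernel or LSM patch code. All names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct task  { int uid; int level; bool dac_failed; }; /* dac_failed: state saved by capable hook */
struct inode { int owner; int level; };

/* Stand-in for the kernel's DAC logic (assumed: owner-only access). */
static int dac_check(const struct task *t, const struct inode *i) {
    return t->uid == i->owner ? 0 : -EACCES;
}

/* Stand-in MAC policy (assumed: subject level must dominate object level). */
static int mac_check(const struct task *t, const struct inode *i) {
    return t->level >= i->level ? 0 : -EPERM; /* EPERM as the MAC error code is an assumption */
}

/* Capable hook: reached only when DAC has failed. Override DAC, remember the failure. */
static bool hook_capable(struct task *t) {
    t->dac_failed = true;
    return true;
}

/* Restrictive hook: MAC first, then hand back the DAC decision from saved state. */
static int hook_permission(const struct task *t, const struct inode *i) {
    int rc = mac_check(t, i);
    if (rc)
        return rc;
    return t->dac_failed ? -EACCES : 0; /* an audit record could be emitted here */
}

/* Model of the kernel access path with both hooks installed. */
int kernel_access(struct task *t, const struct inode *i) {
    t->dac_failed = false;
    if (dac_check(t, i) != 0 && !hook_capable(t))
        return -EACCES;
    return hook_permission(t, i);
}

int main(void) {
    struct inode f = { .owner = 1, .level = 1 };                   /* constructed sample object */
    struct task t = { .uid = 2, .level = 0, .dac_failed = false }; /* fails both DAC and MAC */
    printf("%d\n", kernel_access(&t, &f));                         /* MAC error takes precedence */
    return 0;
}
```

In this model the DAC failure is never lost even though the capable hook overrode it; it is only reordered behind the MAC check, which is the behaviour the message attributes to the restrictive-only design.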