> -----Original Message----- > From: linux-security-module-adminat_private > [mailto:linux-security-module-adminat_private]On Behalf Of Seth Arnold > Sent: Wednesday, September 05, 2001 4:02 AM > To: linux-security-moduleat_private > Subject: Re: quotactl hook > > > On Sat, Sep 01, 2001 at 06:46:36PM -0400, jmjonesat_private wrote: > > 1) authoritative hooks: YES, NO, CONDITIONAL (how?) > > It is my understanding that we are waiting on SGI to produce a patch > that Works For Them, then the rest of us will beat on the > patch. I tried > goading SGI into saying whether or not they wanted, really wanted, or > absolutely needed, an authoritative-hooks patch. :) I think > Richard said > something that would fall between really wanted and absolutely needed. > > We await a patch. :) Well here it is... it's an updated version of Stephen Smalley's repost (thanks for the patch Stephen). The patch doesn't fix all our problems but it does improve our situation considerably as it will continue to make LSM an option for us. We would, of course, like the entire patch to be committed but we aren't expecting that to happen. Most of the changes are independent of each other so it is not necessary to have the entire patch committed (at least not at once :-)). Some changes, like to fs/namei.c:permission(), are both simple and critical to our needs so please don't reject these changes because of other more intrusive ones. > > > 2) DAC bypass (as an option), YES, NO, CONDITIONAL (how?) > > Allow me to remind everyone of the capable() hook. Go nuts. :) > > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module > --- Lachlan McIlroy Phone: +61 3 9596 4155 Trusted Linux Fax: +61 3 9596 2960 Adacel Technologies Ltd www.adacel.com
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 19:11:16 PDT