On Wed, 5 Sep 2001, Casey Schaufler wrote:

> Okay. I'll try again. I'll give two examples, one we're working
> with the XFS group on, and one that's a request I've gotten from
> a source best not named. These are both real cases. I'm not making
> this up!

I'm not questioning whether you need to override the DAC logic, even
on a per-object basis. The question is whether you can achieve such
functionality simply by using a combination of the capable hook (to
override the kernel logic) and the restrictive hook (which becomes
authoritative if you use capable to override the kernel logic). As
I've said, the only potential problem with this approach is that you
may need to recompute the DAC decision in the restrictive hook. But
Chris Wright has suggested a novel use of the capable hook to save the
DAC decision for later use by the restrictive hook, since capable is
typically only called when DAC fails.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 12:09:35 PDT
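The hook arrangement the message argues for, as an added illustration that is not part of the archived thread, not kernel code, and not the LSM patch under discussion: the kernel computes its own DAC decision, consults the module's capable hook only when DAC fails, and then calls the module's restrictive hook, which can only deny and so becomes authoritative once capable has overridden the kernel logic. The capable hook records the DAC failure in the task so the restrictive hook can apply a per-object override policy without recomputing DAC. All identifiers (dac_permission, module_capable, module_inode_permission, kernel_permission, permission_check, the struct fields, the constant values) are invented for this model; the scenarios in main are constructed.

```c
/*
 * Constructed model of the capable/restrictive hook interplay described in
 * the message.  Added example: not kernel code and not the LSM patch that
 * the list was discussing; every name below is invented for illustration.
 *
 * Flow modelled:
 *   1. the kernel computes its own DAC decision;
 *   2. only if DAC fails does it ask the module's capable hook for
 *      CAP_DAC_OVERRIDE, which may override the kernel logic;
 *   3. the kernel then calls the module's restrictive hook, which can only
 *      deny further, and is therefore authoritative whenever step 2 granted
 *      the override.
 * The capable hook records "DAC failed" in the task so the restrictive hook
 * can enforce per-object override policy without recomputing DAC itself.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAY_READ  0x4
#define MAY_WRITE 0x2
#define CAP_DAC_OVERRIDE 1      /* arbitrary value for this model */

struct inode {
    unsigned uid, gid;
    unsigned mode;              /* low 9 bits: rwxrwxrwx */
    bool override_dac;          /* per-object: module may lift DAC here */
};

struct task {
    unsigned uid, gid;
    bool dac_denied;            /* saved by the capable hook for the restrictive hook */
};

/* Simplified DAC: select owner/group/other bits, require every bit in mask. */
static bool dac_permission(const struct task *t, const struct inode *i, unsigned mask)
{
    unsigned bits = i->mode & 7;            /* other */
    if (t->uid == i->uid)
        bits = (i->mode >> 6) & 7;          /* owner */
    else if (t->gid == i->gid)
        bits = (i->mode >> 3) & 7;          /* group */
    return (mask & ~bits) == 0;
}

/* Module capable hook.  The kernel only asks for CAP_DAC_OVERRIDE after its
 * own DAC check failed, so being called here *is* the DAC decision: record
 * it, then grant the override so the restrictive hook gets the final say. */
static bool module_capable(struct task *t, int cap)
{
    if (cap != CAP_DAC_OVERRIDE)
        return false;
    t->dac_denied = true;
    return true;
}

/* Module restrictive hook: can only deny.  Without the saved flag it could
 * not tell "DAC allowed this" from "DAC failed and capable overrode it",
 * and would have to recompute DAC to apply the per-object policy. */
static bool module_inode_permission(const struct task *t, const struct inode *i)
{
    if (!t->dac_denied)
        return true;                        /* DAC allowed it; nothing to add */
    return i->override_dac;                 /* overridden: only on flagged objects */
}

/* Kernel-side permission check with the call order the message relies on. */
static int kernel_permission(struct task *t, const struct inode *i, unsigned mask)
{
    t->dac_denied = false;                  /* fresh decision for this call */
    if (!dac_permission(t, i, mask) && !module_capable(t, CAP_DAC_OVERRIDE))
        return -EACCES;
    if (!module_inode_permission(t, i))
        return -EACCES;
    return 0;
}

/* Convenience wrapper so one scenario is one call: returns 0 or -EACCES. */
int permission_check(unsigned task_uid, unsigned task_gid,
                     unsigned inode_uid, unsigned inode_gid,
                     unsigned mode, bool override_dac, unsigned mask)
{
    struct task t = { task_uid, task_gid, false };
    struct inode i = { inode_uid, inode_gid, mode, override_dac };
    return kernel_permission(&t, &i, mask);
}

int main(void)
{
    /* Constructed scenarios: the owner of a 0600 file, an unrelated user on
     * the same file with and without the per-object flag, and a group member
     * writing to a 0640 file. */
    printf("owner read 0600, no flag:  %d\n", permission_check(1000, 100, 1000, 100, 0600, false, MAY_READ));
    printf("other read 0600, no flag:  %d\n", permission_check(2000, 200, 1000, 100, 0600, false, MAY_READ));
    printf("other read 0600, flagged:  %d\n", permission_check(2000, 200, 1000, 100, 0600, true, MAY_READ));
    printf("group write 0640, no flag: %d\n", permission_check(2000, 100, 1000, 100, 0640, false, MAY_WRITE));
    return 0;
}
```

The point to notice is in module_inode_permission: it never looks at the mode bits, yet it can still distinguish an access that DAC granted from one that capable overrode, because module_capable left that fact in the task. Drop the dac_denied flag and the restrictive hook would have to repeat the owner/group/other computation to know whether the per-object flag even matters, which is the recomputation problem the message refers to.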