Casey Schaufler wrote: > Symantics require an authoritative hook. [...] > The capable() function > does not have enough information (it lacks the file attributes > and the type of access) to intercede. I think maybe Smalley's point about how to use capable() deserves to be repeated. The idea is that you implement a capable() hook that returns "ALLOWED" on everything (thus this hook doesn't need access to file attributes), which will override the kernel's mode bit checks. Then, you implement a restrictive hook that uses the information it has about file attributes and type of access to make the authoritative decision on whether the file access should be allowed. This approach allows you to simulate everything you'd get from authoritative hooks, with no changes to the existing LSM (restrictive hook) code. Thus, I think what you want can already be achieved without any changes to LSM. Am I missing something? _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 13:17:36 PDT