richard offer wrote:
>capable() is not a substitute for authoritative hooks, there is
>insufficient information available inside the hook on which to make any
>decision that is more complex than "is this process running with
>privilege".

I think possibly there is a misunderstanding here. The idea is not that the capable() hook would make the decision; it wouldn't, in Smalley's proposal. Instead, the capable() hook would always override the kernel checks and treat the file access as allowed. Then, when the LSM restrictive hook is called, the restrictive hook code has all the information needed to make the authoritative decision, and so can make the final call.

In this way, it seems that you might get everything you want, without changing the LSM architecture. Do you agree?

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
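
A user-space model of the arrangement described in the message above, added here as an illustration; it is not code from the thread, from the proposal it discusses, or from the kernel. Every struct, function and label name is hypothetical, and the kernel check is reduced to an owner/other read test.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy user-space model. Every name here is hypothetical, not a kernel API. */
struct task { int uid; const char *label; };
struct file { int owner; bool other_read; const char *label; };

struct hooks {
    bool (*capable)(const struct task *t);                          /* sees only the task */
    bool (*permission)(const struct task *t, const struct file *f); /* sees task and object */
};

/* No module loaded: privilege means uid 0, restrictive hook never denies. */
static bool base_capable(const struct task *t) { return t->uid == 0; }
static bool base_permission(const struct task *t, const struct file *f)
{ (void)t; (void)f; return true; }

/* Module: capable() always overrides the kernel check and decides nothing... */
static bool mod_capable(const struct task *t) { (void)t; return true; }
/* ...and the restrictive hook, which has the object, makes the final call. */
static bool mod_permission(const struct task *t, const struct file *f)
{ return strcmp(t->label, f->label) == 0; }

const struct hooks base_hooks = { base_capable, base_permission };
const struct hooks mod_hooks  = { mod_capable,  mod_permission  };

/* Simplified read check: DAC first, capability override, then restrictive hook. */
bool may_read(const struct hooks *h, const struct task *t, const struct file *f)
{
    bool dac_ok = (t->uid == f->owner) || f->other_read;
    if (!dac_ok && !h->capable(t))
        return false;              /* kernel check stands */
    return h->permission(t, f);    /* restrictive hook can still deny */
}

int main(void)
{
    struct task user = { 1000, "payroll" };               /* constructed sample */
    struct file own = { 0, false, "payroll" }, other = { 0, true, "audit" };
    printf("base, DAC-denied file:  %d\n", may_read(&base_hooks, &user, &own));
    printf("module, matching label: %d\n", may_read(&mod_hooks, &user, &own));
    printf("module, other label:    %d\n", may_read(&mod_hooks, &user, &other));
    return 0;
}
```

In this model the module's restrictive hook is the only place where access is refused once the module is loaded, and it decides with both the task and the object in hand.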
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 13:18:29 PDT