On Wed, Sep 05, 2001 at 07:15:54PM +0000, David Wagner wrote: > I think possibly there is a misunderstanding here. The idea is not that > the capable() hook would make the decision; it wouldn't, in Smalley's > proposal. Instead, the capable() hook would always override the kernel > checks and treat allow the file access as allowed. Then, when the > LSM restrictive hook is called, the restrictive hook code has all the > information needed to make the authoritative decision, and so can make > the final call. In this way, it seems that you might get everything > you want, without changing the LSM architecture. Do you agree? This won't work for any cases where there exists some kernel logic, a restrictive hook, but no capable() call. Do any such cases exist (that are interesting from an access-control point of view)? (Forgive me, I haven't been looking at the LSM code as much as some others here.. :) _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 13:25:31 PDT