Casey Schaufler wrote: >The capable()+restrictive scheme fails if the existing kernel >code short circuits out on failure, Do you know of any such cases that make Smalley's approach unworkable? I don't, and I believe capable() and LSM have been coded with the intention such cases shouldn't exist. If you know of any specific examples, I hope you will point them out, since any such examples would also indicate a more general problem that capable() can't be used to override the kernel logic in those cases. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 17:00:50 PDT