Re: quotactl hook

From: David Wagner (dawat_private)
Date: Wed Sep 05 2001 - 16:45:12 PDT

  • Next message: Crispin Cowan: "Re: quotactl hook"

    Casey Schaufler  wrote:
    >The capable()+restrictive scheme fails if the existing kernel
    >code short circuits out on failure,
    
    Do you know of any such cases that make Smalley's approach unworkable?
    I don't, and I believe capable() and LSM have been coded with the
    intention such cases shouldn't exist.  If you know of any specific
    examples, I hope you will point them out, since any such examples would
    also indicate a more general problem that capable() can't be used to
    override the kernel logic in those cases.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 17:00:50 PDT