Re: Updated auth patch for 2.4.12

From: Stephen Smalley (sdsat_private)
Date: Thu Oct 11 2001 - 11:59:36 PDT

  • Next message: Greg KH: "Re: Updated auth patch for 2.4.12"

    On Thu, 11 Oct 2001, Crispin Cowan wrote:
    
    > This looks like Richard trying to make the hook authoritative. It was
    > widely agreed at the August BOF that we would switch to authoritative
    > hooks if SGI could overcome a few obstacles.
    >
    > Is there any reason to object to this change besides "don't like
    > authoritative"?
    
    Actually, this change doesn't seem like an authoritative hook issue.  It
    ensures that the post_create hook is always called (on success or
    failure), but it doesn't allow the post_create hook to change the return
    status.  I was viewing this change as being either for audit purposes or
    to support stateful access control policies that need to be notified when
    an operation completes, regardless of whether the operation failed or
    succeeded (which could be alternatively viewed as an access control policy
    that depends on audit information).  In any event, the change seems innocuous
    to me.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 12:02:03 PDT