On Thu, 25 Oct 2001, richard offer wrote:

> With no subsequent discussion following posting of the last patch (which
> incorporated changes to meet Chris's suggestions) all the issues appear to
> have been put to bed so there should be no reason for not moving forward
> with this.

Could you take a second look at the sys_setpriority function in
kernel/sys.c? With your patch, the 'error' value is cleared each time a
matching process is found in the loop. I think that the original behavior
(in the pure kernel and in the current LSM kernel) is that if there is a
permission failure on any matching process, then the -EPERM or -EACCES
value is supposed to be preserved for final return, even though the loop
continues to check the remaining processes. That is why the current LSM
kernel uses a separate no_nice variable for the return value of the
setnice hook.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
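
The return-value concern raised in the reply above, as an added user-space model (not kernel code and not part of the original message or patch). The struct, the function names and the sample tasks are hypothetical; only the no_nice name and the error codes come from the message.

```c
#include <errno.h>
#include <stdio.h>
/* Constructed model: one entry per process the loop visits. */
struct task { int matches, owner_ok, hook_denies, nice; };

/* Behaviour the reply describes: 'error' is cleared on every match. */
static int setprio_clearing(struct task *t, int n, int niceval)
{
    int error = -ESRCH;
    for (int i = 0; i < n; i++) {
        if (!t[i].matches)
            continue;
        error = 0;                      /* drops an earlier -EPERM/-EACCES */
        if (!t[i].owner_ok)
            error = -EPERM;
        else if (t[i].hook_denies)
            error = -EACCES;
        else
            t[i].nice = niceval;
    }
    return error;
}

/* Preserving form: only the initial -ESRCH is cleared, so a failure sticks. */
static int setprio_preserving(struct task *t, int n, int niceval)
{
    int error = -ESRCH;
    for (int i = 0; i < n; i++) {
        if (!t[i].matches)
            continue;
        if (!t[i].owner_ok) {
            error = -EPERM;
            continue;
        }
        if (error == -ESRCH)
            error = 0;
        int no_nice = t[i].hook_denies ? -EACCES : 0; /* stand-in for the setnice hook */
        if (no_nice)
            error = no_nice;
        else
            t[i].nice = niceval;
    }
    return error;
}
int main(void)
{
    struct task a[] = { {1, 0, 0, 0}, {1, 1, 0, 0} }, b[] = { {1, 0, 0, 0}, {1, 1, 0, 0} };
    printf("clearing=%d preserving=%d\n", setprio_clearing(a, 2, 5), setprio_preserving(b, 2, 5));
}
```

With a denied process followed by a permitted one, the clearing form reports success to the caller while the preserving form still reports the permission failure.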