On Fri, 26 Oct 2001, Stephen Smalley wrote: > A second concern: In do_remount, you made it possible to override some > functional tests (check_mnt, nd->dentry != nd->mnt->mnt_root) with the > authoritative hook. Why? I don't think that we want to allow a security > module to override these kinds of checks. Sorry if this has come up > previously - I've been too preoccupied with other things to follow this > thread recently. Oh, never mind. My mistake. I see that you don't actually allow the hook to change the err value. So this is just ensuring that the post hook is always called. I was confused by the fact that you do this both for access control tests (the capable call) and functional tests. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 08:15:29 PDT