On Wed, 31 Oct 2001, Chris Wright wrote: > the current netlink_send in dummy.c actually uses capabilities. this is > not the end of the world, but is a bit of a hack. > > admittedly, this is just another hack ;-) but i'd say it's closer to > the dummy charter (superuser permsisions). since we do not have a > blob in netlink_skb_parms (we've talked about this a few times), we can > steal the eff_cap for dummy's needs. > > thoughts/flames? > I'm don't think that we should overload the eff_cap field in this way, and it is still just replacing one hack with another as you mention. Non-dummy modules now need to make a policy decision about capabilities implementation, and potentially break encapsulation of the capabilities API in the process. - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 18:39:19 PST