On Wed, 31 Oct 2001, Chris Wright wrote: > the current netlink_send in dummy.c actually uses capabilities. this is > not the end of the world, but is a bit of a hack. > > admittedly, this is just another hack ;-) but i'd say it's closer to > the dummy charter (superuser permsisions). since we do not have a > blob in netlink_skb_parms (we've talked about this a few times), we can > steal the eff_cap for dummy's needs. > > thoughts/flames? I don't think it is a good idea to overload eff_cap in this way. Also, does this even compile if you define STRICT_CAP_T_TYPECHECKS in include/linux/capability.h? I'd suggest leaving it alone. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 04:32:24 PST