On Fri, 9 Nov 2001, Stephen Smalley wrote:

> I believe that this is functionally equivalent to making the permission
> hook authoritative. In earlier discussions on this list, it was shown
> that this capable+restrictive scheme doesn't work for all of the kernel
> access controls (e.g. any case where CAP_SYS_ADMIN is used to override a
> DAC decision, because it is also used authoritatively), but it appears to
> work just fine in this case, and this appears to be sufficient for POSIX
> ACLs.

So, to emphasize this point, I see no reason why POSIX ACLs cannot be easily implemented as a LSM security module using the current LSM patch. The security logic requirements can be handled via the capable+restrictive scheme. The file labeling requirements can be handled via an implicit labeling scheme like DTE, an explicit labeling scheme like SELinux, or by using the separate extended attributes patch if desired.

This might be an interesting exercise for someone on the list. You can probably leverage much of the POSIX ACLs implementation from http://acl.bestbits.at.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 06:32:31 PST