* Casey Schaufler (caseyat_private) wrote: > > One more thing ... > > I wrote: > > > if (!(uid-checks-out-okay) && !capable(CAP_XYZ)) > > should be changed to: > > if (!capable(CAP_XYZ) && !(uid-checks-out-okay)) > > if C+R is going to be the Official way to use LSM. > Otherwise, the architecture is going to advocate > (require?) that code with potential side-effects > get executed in cases where it is at best unnecessary > and in some cases (side effects) may cause the system > to break. while i absolutely agree that side-effects can cause big headaches, i'm not sure that the in-kernel checks that utliize capable() will actually cause such a problem. in general, they tend to be simple uid tests, mode bit tests, etc. hmmm, time for another round of grepping i guess ;-) -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 12:26:48 PST