* Stephen Smalley (sdsat_private) wrote: > > On Wed, 6 Feb 2002, Huagang Xie wrote: > > > > a new hook after the copy_string() > > > > security_ops->bprm_ops->post_alloc_security(&bprm); > > This seems preferable, although it should use a more descriptive name. > I assume that you want this hook to be able to return an error value. > > I don't have any objection to such a hook. Others? is it possible to delay such a hook until, say flush_old_exec? or perhaps this is enough justification for moving prepare_binprm to after the copy_strings since set_security should have enough info to label accurately. hmm, i suppose the capabilities pieces that are in set_security don't rely on being inside of prepare_binprm, so we could conceivably just move that hook. i'll stop thinking out loud now... ;-) i'd rather not introduce new hooks if we can solve the problem with existing hooks. thanks, -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 14:46:30 PST