Re: Stacking Openwall and SELinux?

From: Stephen Smalley (sdsat_private)
Date: Mon Apr 01 2002 - 13:29:04 PST

    On Mon, 1 Apr 2002, David Wheeler wrote:
    
    > I believe that several functions in Openwall don't
    > require any additional information in the kernel data structures.
    > Would it be possible to split out those capabilities into
    > a "partial openwall" module that implements those features?
    > I'm thinking about things like the Non-executable stack,
    > temp directory limitations, etc.  That way, those functions could
    > be added to any system using insmod.
    
    Probably, although that would be up to the OWLSM module maintainers (not
    me).  However, if you want SELinux+capabilities+OWLSM, you will also need
    to make some other changes.  At present, I think that OWLSM has directly
    copied logic from the dummy module into its hook functions, so it is
    hardwired to provide OWLSM+superuser logic.  This logic should be removed
    and replaced with the same kind of minimal stacking support provided by
    SELinux to permit stacking OWLSM with either the dummy or capabilities
    modules.  Then, we would also need to revise SELinux to permit stacking
    multiple secondary modules so that you could stack both OWLSM and
    capabilities.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
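
The stacking arrangement discussed in the message above, as an added user-space C model; it is not part of the original e-mail and is not code from OWLSM, SELinux or the LSM patch. Every type and function name is hypothetical, the temp directory check is a simplified stand-in, and the order in which checks run is an assumption.

```c
#include <errno.h>
#include <stddef.h>
/* User-space model only: every name is hypothetical, not the kernel LSM API. */
struct req {
    int euid;              /* effective uid of the caller */
    unsigned caps;         /* effective capability bits */
    int need_cap;          /* capability the operation needs, -1 if none */
    int foreign_tmp_link;  /* following another user's symlink in a sticky dir */
};
typedef int (*hook_fn)(const struct req *);  /* 0 = allow, negative errno = deny */

/* Secondary policies named in the message: superuser ("dummy") and capabilities. */
static int dummy_hook(const struct req *r) {
    return (r->need_cap < 0 || r->euid == 0) ? 0 : -EPERM;
}
static int cap_hook(const struct req *r) {
    return (r->need_cap < 0 || (r->caps & (1u << r->need_cap))) ? 0 : -EPERM;
}
/* Simplified stand-in for an Openwall-style temp directory restriction. */
static int owl_own_check(const struct req *r) {
    return r->foreign_tmp_link ? -EACCES : 0;
}
/* Hardwired variant: the superuser test is copied in and cannot be swapped out. */
static int owl_hook_hardwired(const struct req *r) {
    if (r->need_cap >= 0 && r->euid != 0) return -EPERM;
    return owl_own_check(r);
}

/* Stackable variant: the module's own check, then each registered secondary. */
#define MAX_SECONDARY 4
struct stack { hook_fn own; hook_fn secondary[MAX_SECONDARY]; size_t n; };
static int stack_register(struct stack *s, hook_fn fn) {
    if (s->n == MAX_SECONDARY) return -ENOSPC;
    s->secondary[s->n++] = fn;
    return 0;
}
static int stack_hook(const struct stack *s, const struct req *r) {
    int rc = s->own ? s->own(r) : 0;
    for (size_t i = 0; rc == 0 && i < s->n; i++)
        rc = s->secondary[i](r);   /* first denial wins */
    return rc;
}

int main(void) {
    struct stack s = { NULL, { NULL }, 0 };
    struct req r = { 1000, 1u << 12, 12, 0 };  /* constructed: non-root, one cap bit */
    if (stack_register(&s, owl_own_check) || stack_register(&s, cap_hook)) return 1;
    return (stack_hook(&s, &r) == 0 && owl_hook_hardwired(&r) == -EPERM
            && dummy_hook(&r) == -EPERM) ? 0 : 1;
}
```

In this model the hardwired hook refuses a non-root caller that holds the needed capability bit, while the stacked hook with the capabilities policy registered allows it and still applies the temp directory check.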
    
    
    
    


