It looks like we should have a hook in reparent_to_init (in kernel/sched.c in lsm-2.4 and kernel/exit.c in lsm-2.5) and move the capability-specific code into the capability module. This appears to be similar to exec_usermodehelper and the kmod_set_label hook, although the reparent_to_init function sets all of the capability-related fields rather than only setting cap_effective. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 11:57:53 PDT