* Stephen Smalley (sdsat_private) wrote:
>
> On Tue, 7 May 2002, Chris Wright wrote:
>
> > There is still the issue that the capable() hook can sleep. We can't
> > distinguish these capable() calls, and in SELinux, for example, capable()
> > could call task_alloc_security() which could sleep (unless I'm misreading
> > the code). Placing the proposed permission_lite() hook ahead of the DAC
> > checks could fix this, but it would be out of sync with the rest of the
> > LSM hooks where placement is intended to be after DAC checks.
>
> True, but that's a module problem.

Hrmph...conceptually this argument applies to placing a standard
permission() hook in exec_permission_lite(). The only fundamental
difference is the likelihood of trouble wrt. dcache lock.

Unless there's a better alternative, I'll commit the permission_lite()
hook later today.

cheers,
-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 10:57:19 PDT