Re: [patch] reparent_to_init hook

From: Chris Wright (chrisat_private)
Date: Thu Jul 11 2002 - 18:04:40 PDT

  • Next message: James Morris: "Re: Submitting LSM (Was: Re: OLS Bof info)"

    * Stephen Smalley (sdsat_private) wrote:
    > 
    > The attached patches for lsm 2.4 and 2.5 add a hook to the
    > reparent_to_init function and move the capability-specific logic
    > from this function into the capabilities module.  The patches also add at
    > least stub hook functions to each security module in the tree.
    > 
    > For the dummy security module, I wasn't certain whether to leave the
    > hook function empty or to set the euid and fsuid to 0.  The original
    > reparent_to_init function only sets the capability fields, not the
    > [e|fs]uid fields, but code that uses reparent_to_init will likely break if
    > we do not set these fields in the dummy module so that subsequent
    > capable() calls will succeed.  Hence, it may be best if I add code to set
    > the euid and fsuid in the dummy (and owlsm) modules prior to committing
    > these patches.
    
    This looks sane, althgough I do think we'll need the dummy/owlsm hook filled
    in.
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 18:06:32 PDT