Re: [RFC] LSM changes for 2.5.38

From: Greg KH (gregat_private)
Date: Fri Sep 27 2002 - 09:55:56 PDT

  • Next message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"

    On Fri, Sep 27, 2002 at 05:48:49PM +0100, Christoph Hellwig wrote:
    > > capable is needed to be checked, as we are not modifying the existing
    > > permission logic.
    > 
    > I odn't think it makes sense to have two security checks that both
    > end up in the LSM code after each other..
    
    For cases like the module_* hooks, and the other examples you pointed
    out, I agree.
    
    For other cases, capable() is just not fine grained enough to actually
    know what is going on (like CAP_SYS_ADMIN).  In those cases you need an
    extra hook to determine where in the kernel you are.
    
    thanks,
    
    greg k-h
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 09:58:41 PDT