Re: [RFC] LSM changes for 2.5.38

• Previous message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• In reply to: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Next in thread: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Next in thread: Stephen Smalley: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 27, 2002 at 05:48:49PM +0100, Christoph Hellwig wrote:
> > capable is needed to be checked, as we are not modifying the existing
> > permission logic.
> 
> I odn't think it makes sense to have two security checks that both
> end up in the LSM code after each other..

For cases like the module_* hooks, and the other examples you pointed
out, I agree.

For other cases, capable() is just not fine grained enough to actually
know what is going on (like CAP_SYS_ADMIN).  In those cases you need an
extra hook to determine where in the kernel you are.

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Previous message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• In reply to: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Next in thread: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Next in thread: Stephen Smalley: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 09:58:41 PDT