Re: [RFC] LSM changes for 2.5.38

From: Greg KH (gregat_private)
Date: Fri Sep 27 2002 - 10:24:28 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: [RFC] LSM changes for 2.5.38"

    On Fri, Sep 27, 2002 at 06:01:18PM +0100, Christoph Hellwig wrote:
    > On Fri, Sep 27, 2002 at 09:55:56AM -0700, Greg KH wrote:
    > > For cases like the module_* hooks, and the other examples you pointed
    > > out, I agree.
    > > 
    > > For other cases, capable() is just not fine grained enough to actually
    > > know what is going on (like CAP_SYS_ADMIN).  In those cases you need an
    > > extra hook to determine where in the kernel you are.
    > 
    > Either we make capable fine grained enough (64 or 128bit capability
    > vectors, I have some old code for that around and I know SGI used that
    > more than a year ago) or we replace the capable in those cases with hooks
    > entirely.
    
    I don't have a problem with either of these things, but don't see them
    being completed any time soon.  Unless you have some time to work on
    this?
    
    thanks,
    
    greg k-h
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 10:27:21 PDT