On Fri, Sep 27, 2002 at 06:01:18PM +0100, Christoph Hellwig wrote: > On Fri, Sep 27, 2002 at 09:55:56AM -0700, Greg KH wrote: > > For cases like the module_* hooks, and the other examples you pointed > > out, I agree. > > > > For other cases, capable() is just not fine grained enough to actually > > know what is going on (like CAP_SYS_ADMIN). In those cases you need an > > extra hook to determine where in the kernel you are. > > Either we make capable fine grained enough (64 or 128bit capability > vectors, I have some old code for that around and I know SGI used that > more than a year ago) or we replace the capable in those cases with hooks > entirely. I don't have a problem with either of these things, but don't see them being completed any time soon. Unless you have some time to work on this? thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 10:27:21 PDT