Re: [RFC] LSM changes for 2.5.38

From: Valdis.Kletnieksat_private
Date: Fri Sep 27 2002 - 11:09:02 PDT

  • Next message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"

    On Fri, 27 Sep 2002 17:55:10 BST, Christoph Hellwig said:
    
    > And WTF is the use a security policy that checks module arguments?  Do
    > you want to disallow options that are quotes from books on the index
    > or not political correct enough for a US state agency?
    
    How about a security policy that says:
    
    1) Thou mayest do an 'modprobe wvlan_cs'
    
    2) Thou mayest not do 'modprobe wvlan_cs eth=0'.
    
    'eth=0' causes it to create the interface as 'wvlan0' 'wvlan1' etc rather
    than 'eth0', 'eth1', etc.  This makes a difference if you have iptables
    rules that say '-i eth+' or '-i wvlan+' that implement different rulesets
    for wireless and hard-wired connections.
    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 11:10:29 PDT