Re: [RFC] LSM changes for 2.5.38

From: Christoph Hellwig (hchat_private)
Date: Fri Sep 27 2002 - 11:19:43 PDT

  • Next message: Stephen Smalley: "Re: [RFC] No more module_* hooks"

    On Fri, Sep 27, 2002 at 02:09:02PM -0400, Valdis.Kletnieksat_private wrote:
    > On Fri, 27 Sep 2002 17:55:10 BST, Christoph Hellwig said:
    > 
    > > And WTF is the use a security policy that checks module arguments?  Do
    > > you want to disallow options that are quotes from books on the index
    > > or not political correct enough for a US state agency?
    > 
    > How about a security policy that says:
    > 
    > 1) Thou mayest do an 'modprobe wvlan_cs'
    > 
    > 2) Thou mayest not do 'modprobe wvlan_cs eth=0'.
    > 
    > 'eth=0' causes it to create the interface as 'wvlan0' 'wvlan1' etc rather
    > than 'eth0', 'eth1', etc.  This makes a difference if you have iptables
    > rules that say '-i eth+' or '-i wvlan+' that implement different rulesets
    > for wireless and hard-wired connections.
    
    So I have to download the driver source and change the parameter
    to i_m_to_fscking_intelligent_for_the_nsa_eth=0?
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 11:20:30 PDT