* Greg KH (gregat_private) wrote: > > Obviously the module_* hooks were wrong to do, as they are not being > used. So I want to remove them. Greg, I think this is a step in the wrong direction (backwards). Granted, the module_* hooks are duplicates with capable() hooks, but removing them is wrong. I believe the right thing to do is bite the bullet and deal with the duplication by removing the capable() hooks. kernel/module.c (x3) kernel/sysctl.c (x1) net/core/dev.c (x1) are the only refs I see...the first three being painfully simple ;-) > I think we should go back through all of the hooks and check to make > sure that they are in use, and that they are sanely protecting what we > think they are protecting, before we submit them to the main kernel > tree. > > Is this ok? This seems more than reasonable, but I believe we should consider collapsing capable() hooks into existing LSM hooks rather than the other way around. How's that sound? thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 01:22:14 PDT