On Mon, Sep 30, 2002 at 11:27:51AM -0700, Chris Wright wrote: > * Greg KH (gregat_private) wrote: > > > > Is subdomain going to be released under the GPL anytime soon? > > I hope so, yes. Ah, is that yes to both parts of that question? :) > > And is there any reason you can't use the capabilities check for these > > hooks, like SELinux does? From what I remember, SubDomain didn't check > > these hooks in the past with any finer-grained access rights from what > > capabilities would give you, or am I forgetting things? > > This is certainly true for reboot, and nearly true for module_*. However, > set*name is simply using CAP_SYS_ADMIN...I think the change should go > the other way. For example, it's simple to do: > > cap_sethostname(...) { return cap_capable(current, CAP_SYS_ADMIN); } That's reasonable. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 15:33:31 PDT