Re: [RFC] No more module_* hooks

From: Greg KH (gregat_private)
Date: Mon Sep 30 2002 - 15:30:17 PDT

  • Next message: Greg KH: "Re: [RFC] No more module_* hooks"

    On Mon, Sep 30, 2002 at 11:27:51AM -0700, Chris Wright wrote:
    > * Greg KH (gregat_private) wrote:
    > > 
    > > Is subdomain going to be released under the GPL anytime soon?
    > 
    > I hope so, yes.
    
    Ah, is that yes to both parts of that question?  :)
    
    > > And is there any reason you can't use the capabilities check for these
    > > hooks, like SELinux does?  From what I remember, SubDomain didn't check
    > > these hooks in the past with any finer-grained access rights from what
    > > capabilities would give you, or am I forgetting things?
    > 
    > This is certainly true for reboot, and nearly true for module_*.  However,
    > set*name is simply using CAP_SYS_ADMIN...I think the change should go
    > the other way.  For example, it's simple to do:
    > 
    > cap_sethostname(...) { return cap_capable(current, CAP_SYS_ADMIN); }
    
    That's reasonable.
    
    thanks,
    
    greg k-h
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 15:33:31 PDT