On Fri, Dec 13, 2002 at 09:28:35PM -0800, Crispin Cowan wrote:
> Greg KH wrote:
>
> >I also fixed up the owlsm module, based on the fact that we don't have
> >to have a bunch of "NULL" functions around anymore. But in doing that I
> >realized that it doesn't have a lot of the default capabilities
> >functionality in it. Now that the capability functions are exported,
> >this is easy to add, if it's wanted.
> >
> >So should I add this? Or is owlsm just a "test" module that will never
> >be added to the main kernel tree?
> >
> OWLSM embodies several pathology prevention policies that are ideal for
> a module:
>
>     * root doesn't follow symlinks in selected circumstances
>     * non-root can't hard link to files owned by root
>     * [new from Yiyang Fei] no ptrace for root processes

This isn't what I meant, I understand what they are supposed to do.

> So yes, I think the OWLSM module is ideal for inclusion in the mainline
> kernel.

In the current format of excluding the "normal" capabilities
functionality? Is that acceptable? That's what I was asking.

> It has not been maintained lately, because Chris has other priorities.
> If someone (Greg?) wants to work on OWLSM to bring it up to speed, that
> would be great. If not, we'll get to it eventually.

Any time frame? Like after whenever SubDomain is ported to LSM? :)

> Thanks to Greg for the OWLSM improvements.

Heh, they were trivial, no problem.

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module