Crispin Cowan wrote: > Basically, OWLSM implements what it can and what is needed. > > It also got used as a place to implement a "no ptrace for root > processes" hack. I'm not sure if that hack is in the BK published > version or not, but it should be. I don't really see which features get implemented by which module .. or is there no strict separation between the tasks of the modules 'capability' and 'owlsm' ? For instance "no ptrace for root processes" might as well fit in the capabilities module in my opinion. > OWLSM is a good place to add pathology-prevention hacks that are > beneficial to a production server, but a little too intrusive to be a > native Linux kernel enhancement. So if you have a suggestion for > another pathology prevention feature, consider adding it to OWLSM. ok :->. thanks, Jonathan -- _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 04:29:30 PST