On Wed, 26 Mar 2003 18:56, Stephen D. Smalley wrote:
> > I obviously need more caffeine.. I was pretty sure stuff running out
> > of keventd was in the kernel context, and as a result was essentially
> > trusted code. How would this work?
>
> Different jobs run from the keventd work queue (and different kernel
> threads using reparent_to_init) are likely to require different
> permissions, and it would be preferable to maintain them in separate
> security "domains" rather than lumping them all into one all powerful
> domain for least privilege purposes. Even "trusted" code should be

Even just having them in the kernel context would be an improvement over the
current situation. We have just had to change policy to allow the init program
greater access than it would otherwise require because a kernel thread needed
more access, which is not desirable.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 15:01:27 PST