* Russell Coker (russellat_private) wrote:
>
> Is kmod_t going away or going to cease being used for modprobe/hotplug?

That's a policy decision for SELinux. The kmod_set_label hook is gone, so
it's not as obvious how to apply that Type. Both are execve()'d, so there
is _that_ domain transition, although it's potentially not the same
transition that you'd expect when someone executes insmod from userspace
directly.

> I think that having the lockd thread in question running as kmod_t is not a
> good idea, it's not what you would expect. kernel_t would be logical choice
> as a new user would expect such a kernel thread to run in kernel_t.

I'd expect lockd to run as kernel_t, not kmod_t.

> A completely different SID would be OK, but then would we need a series of
> different SIDs for different kernel threads?

I don't think so.

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 10:02:39 PST