On Thu, 2003-04-24 at 15:40, Andreas Dilger wrote:
> Couldn't that be used to do the trusted-namespace-means-CAP_SYS_ADMIN
> checks, but it can be replaced by other LSM security modules if desired?

If we move the CAP_SYS_ADMIN checks from the trusted xattr handlers to the corresponding hook functions in the capabilities module, then we can replace those checks with our own permission checking for user process access to trusted.selinux and avoid any restrictions when the SELinux module internally performs getxattr and setxattr inode operations to manage the security labels.

This isn't difficult to implement, but implies a change in meaning for the trusted namespace. As I understand it, that namespace is intended for attributes that can be managed by superuser processes. Using that namespace for SELinux means that it will also be used for attributes managed and used internally by the security module for access control purposes. I'm not sure that you want to mix them; it would be similar to putting ACLs in the trusted namespace.

--
Stephen Smalley <sdsat_private>
National Security Agency

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
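
A userspace C model of the arrangement discussed in the message above, added here as an illustration; it is not code from the post, the kernel or SELinux. All names (the model_* functions and the struct task fields) are hypothetical, and the rule that the replacement hook decides trusted.selinux purely by its own policy is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not a kernel symbol. */
struct task { bool cap_sys_admin; bool policy_allows_label; };
typedef int (*xattr_hook)(const struct task *, const char *name);

/* Capabilities-module hook: trusted.* means CAP_SYS_ADMIN. */
int model_cap_setxattr(const struct task *t, const char *name)
{
    if (strncmp(name, "trusted.", 8) == 0 && !t->cap_sys_admin)
        return -1;                      /* stands in for -EPERM */
    return 0;
}

/* Replacement hook: own policy decision for trusted.selinux only,
 * the capabilities check for everything else. */
int model_sel_setxattr(const struct task *t, const char *name)
{
    if (strcmp(name, "trusted.selinux") == 0)
        return t->policy_allows_label ? 0 : -1;
    return model_cap_setxattr(t, name);
}

static xattr_hook active_hook = model_cap_setxattr;
void model_register(xattr_hook h) { active_hook = h; }

/* The xattr handler stores the value and no longer checks capabilities. */
static int model_handler_set(const char *name) { (void)name; return 0; }

/* Path taken for a user process: hook first, then the handler. */
int model_user_setxattr(const struct task *t, const char *name)
{
    int rc = active_hook(t, name);
    return rc ? rc : model_handler_set(name);
}

/* Path taken by the module itself: straight to the handler, no hook. */
int model_internal_setxattr(const char *name) { return model_handler_set(name); }

int main(void)
{
    struct task root = { true, false }, labeler = { false, true };
    model_register(model_sel_setxattr);
    printf("root sets trusted.selinux:    %d\n", model_user_setxattr(&root, "trusted.selinux"));
    printf("labeler sets trusted.selinux: %d\n", model_user_setxattr(&labeler, "trusted.selinux"));
    printf("module internal set:          %d\n", model_internal_setxattr("trusted.selinux"));
    return 0;
}
```

With the replacement hook registered, a task holding CAP_SYS_ADMIN is no longer automatically allowed to write trusted.selinux, which is the change in meaning for the trusted namespace that the message points out.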