Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

From: Chris Wright (chrisat_private)
Date: Thu Apr 24 2003 - 13:47:02 PDT

    * Andreas Dilger (adilgerat_private) wrote:
    > 
    > Couldn't that be used to do the trusted-namespace-means-CAP_SYS_ADMIN
    > checks, but it can be replaced by other LSM security modules if desired?
    
    I think that's what Stephen is saying.  The issue is, the "trusted."
    handler uses CAP_SYS_ADMIN internally, after any other LSM check has
    already occurred.  And the capable() check is too simple to know things
    like which inode's xattr is in question at the moment or which namespace.
    So Stephen was suggesting moving it out of the handler and putting it
    in core code.
    
    cheers,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
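
The ordering problem described in the message above, as a simplified userspace model. This is an added example, not code from the thread or from the kernel; every type and function name, and the inode-42 policy, is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only: all names here are hypothetical, not kernel code. */
struct task  { bool cap_sys_admin; };
struct inode { unsigned long ino; };

/* Stand-in for capable(CAP_SYS_ADMIN): it sees the caller, never the object. */
static bool model_capable(const struct task *t) { return t->cap_sys_admin; }
static bool is_trusted(const char *name) { return strncmp(name, "trusted.", 8) == 0; }

/* A security module's hook is given the inode and the attribute name. */
typedef bool (*setxattr_hook)(const struct task *, const struct inode *, const char *);

/* Default policy: the trusted namespace means CAP_SYS_ADMIN. */
static bool default_hook(const struct task *t, const struct inode *i, const char *name)
{
    (void)i;
    return !is_trusted(name) || model_capable(t);
}

/* Constructed module policy: additionally allow trusted.* on inode 42. */
static bool module_hook(const struct task *t, const struct inode *i, const char *name)
{
    return (is_trusted(name) && i->ino == 42) || default_hook(t, i, name);
}

/* Layout A: hook first, then the handler repeats the capability check. */
static bool check_in_handler(setxattr_hook hook, const struct task *t,
                             const struct inode *i, const char *name)
{
    if (!hook(t, i, name)) return false;
    return !(is_trusted(name) && !model_capable(t)); /* module cannot override */
}

/* Layout B: check moved to core code, so the hook is the one decision point. */
static bool check_in_core(setxattr_hook hook, const struct task *t,
                          const struct inode *i, const char *name)
{
    return hook(t, i, name);
}

int main(void)
{
    struct task user = { false }; struct inode ino = { 42 };
    printf("A: %d\n", check_in_handler(module_hook, &user, &ino, "trusted.foo"));
    printf("B: %d\n", check_in_core(module_hook, &user, &ino, "trusted.foo"));
    return 0;
}
```

In layout A the module's per-inode decision is discarded by the later capability check; in layout B the default hook still enforces the CAP_SYS_ADMIN rule when no module replaces it.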
    



    This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 13:52:23 PDT