Re: PROBLEM: A Capability LSM Module serious bug

From: Chris Wright (chrisw@private)
Date: Mon Dec 08 2003 - 10:26:59 PST

  • Next message: Chris Wright: "Re: PROBLEM: A Capability LSM Module serious bug"

    * Serge E. Hallyn (hallyn@private) wrote:
    > The main question is do we declare cap_effective to belong solely to
    > capability.c, or do we want capability.c to trust previous LSM's
    > computations of those values?  So, even with the current case, if we
    > insmod, rmmod, then re-insmod capability, do we want to revoke all
    > previous cap_* computations?
    This is a common issue with the opaque blobs as well.
    > It seems reasonable for it "belong" to capability.c (and I've heard of
    > noone else wanting to use it).  I just don't think we've explicitly
    > declared this to be the case.
    Unfortunately, it's currently used by kernel proper.  So we need a
    generic solution.
    Linux Security Modules

    This archive was generated by hypermail 2b30 : Mon Dec 08 2003 - 10:28:20 PST