Re: cdrecord deadlocks linux (problem in setscheduler)

From: Stephen Smalley (sds@private)
Date: Wed Oct 20 2004 - 05:44:35 PDT

On Wed, 2004-10-20 at 08:23, Stephen Smalley wrote:
> - Add a separate post hook to setscheduler after locks are dropped, and
> do all auditing from it.  Likely requires changing existing setscheduler
> hook to return some state to pass along to the post hook for auditing in
> addition to the error code itself.

And this would presumably mean moving the entire set of security checks
into the setscheduler hook, so that we could handle the capable() check
similarly, i.e. we would use a special non-auditing form of capable
within the setscheduler hook, and then return state to be passed to the
post hook for audit generation.

Stephen Smalley <sds@private>
National Security Agency

This archive was generated by hypermail 2.1.3 : Wed Oct 20 2004 - 05:48:30 PDT