On Wed, 2004-10-20 at 08:23, Stephen Smalley wrote:
> - Add a separate post hook to setscheduler after locks are dropped, and
> do all auditing from it. Likely requires changing existing setscheduler
> hook to return some state to pass along to the post hook for auditing in
> addition to the error code itself.

And this would presumably mean moving the entire set of security checks
into the setscheduler hook, so that we could handle the capable() check
similarly, i.e. we would use a special non-auditing form of capable
within the setscheduler hook, and then return state to be passed to the
post hook for audit generation.

-- 
Stephen Smalley <sds@private>
National Security Agency
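
Added example, not part of the original message or of any kernel patch: a user-space C model of the scheme discussed above, in which the hook decides with a non-auditing capability check while the lock is held and the post hook generates audit from the returned state after the lock is dropped. All names (sched_audit_state, capable_noaudit, setscheduler_hook, setscheduler_post, model_setscheduler) are hypothetical, and auditing only denials is an assumption of the model.

```c
/* User-space model; every name here is hypothetical, none is a kernel API. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct sched_audit_state {   /* filled by the hook, consumed by the post hook */
    int pid;
    int cap_denied;          /* non-auditing capability check failed */
    int policy_denied;       /* security policy check failed */
};

static int lock_held;        /* models the locks held around the change */
static int audit_records;    /* number of audit records emitted so far */
static int audited_locked;   /* set if a record was ever emitted under the lock */

/* Stand-in for a capable() form that decides without generating audit. */
static int capable_noaudit(int has_cap) { return has_cap; }

/* Hook, called with the lock held: decide and record, emit nothing. */
static int setscheduler_hook(int pid, int has_cap, int policy_ok,
                             struct sched_audit_state *st)
{
    memset(st, 0, sizeof(*st));
    st->pid = pid;
    if (!capable_noaudit(has_cap)) { st->cap_denied = 1; return -EPERM; }
    if (!policy_ok) { st->policy_denied = 1; return -EACCES; }
    return 0;
}

/* Post hook, called after the lock is dropped: all audit generation is here. */
static void setscheduler_post(const struct sched_audit_state *st, int err)
{
    if (!st->cap_denied && !st->policy_denied)
        return;              /* assumption of this model: only denials are audited */
    if (lock_held) audited_locked = 1;
    audit_records++;
    fprintf(stderr, "audit: setscheduler pid=%d denied by %s err=%d\n", st->pid,
            st->cap_denied ? "capability" : "policy", err);
}

/* Caller: take the lock, run the hook, drop the lock, then audit. */
int model_setscheduler(int pid, int has_cap, int policy_ok)
{
    struct sched_audit_state st;
    lock_held = 1;
    int err = setscheduler_hook(pid, has_cap, policy_ok, &st);
    lock_held = 0;
    setscheduler_post(&st, err);   /* error code and state both reach the post hook */
    return err;
}
```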
This archive was generated by hypermail 2.1.3 : Wed Oct 20 2004 - 05:48:30 PDT