* Serge E. Hallyn (serue@private) wrote:
> I don't think that calling of capable from modules is a problem, because it
> is not actually called from any module's capable itself. It's used to
> check for specific privileges, and if any stacked LSM does not want to
> grant that privilege, then any action depending on that privilege should
> probably be refused. So I'm actually leaning even more toward agreeing
> with Stephen that capable should be restrictive.

Yes, the short-circuit capable stuff has got to go.

> More of a problem is that setting capabilities calls capset_check. In
> dummy.c this returns -EPERM. So if selinux and capability are each loaded
> under stacker, without capability being stacked under selinux, then you
> can't set capabilities.

But that is a side-effect of selinux defaulting to the dummy ops as
secondary if nothing registers subordinate to it. I believe this should go
away if stacking is done properly.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Tue Nov 30 2004 - 12:36:56 PST