Re: [RFC] [PATCH] Stacking through chaining (v3)

From: Chris Wright (chrisw@private)
Date: Tue Nov 30 2004 - 12:36:35 PST

* Serge E. Hallyn (serue@private) wrote:
> I don't think that calling of capable from modules is a problem, because it
> is not actually called from any module's capable itself.  It's used to
> check for specific privileges, and if any stacked LSM does not want to
> grant that privilege, then any action depending on that privilege should
> probably be refused.  So I'm actually leaning even more toward agreeing
> with Stephen that capable should be restrictive.

Yes, the short-circuit capable stuff has got to go.

> More of a problem is that setting capabilities calls capset_check.  In
> dummy.c this returns -EPERM.  So if selinux and capability are each loaded
> under stacker, without capability being stacked under selinux, then you
> can't set capabilities.

But that is a side-effect of selinux defaulting to the dummy ops as
secondary if nothing registers subordinate to it.  I believe this should
go away if stacking in done properly.

Linux Security Modules

This archive was generated by hypermail 2.1.3 : Tue Nov 30 2004 - 12:36:56 PST