On Tue, 2004-12-07 at 16:40, Serge Hallyn wrote:
> Are there good reasons not to use the attached patch?

There is a reason; we can argue about whether it is good ;)

When cap_ptrace or cap_bprm_apply_creds calls capable(), we do want that capability to be checked by SELinux as well, just as we would for a capable() call by the core kernel's ptrace_attach or compute_creds logic. From our perspective, the original capabilities logic is part of the core kernel, despite the fact that it has been pushed into a module. In order to independently apply that capability check in the corresponding SELinux hook function, we would have to duplicate the logic in the cap_ptrace or cap_bprm_apply_creds functions that decide whether or not to check that capability, and would end up duplicating most of those functions in their entirety. At that point, we lose any value from using cap_* at all and might as well just maintain our own copy of the entire logic in the SELinux hook functions.

On the other side, with the current situation, we have to duplicate a copy of the logic in the cases where we need to customize it, e.g. vm_enough_memory, inode_setxattr, inode_removexattr. But I'd rather do that and be able to re-use cap_bprm_apply_creds than the other way around.

-- 
Stephen Smalley <sds@private>
National Security Agency
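The check chain Smalley describes (commoncap's cap_ptrace() decides whether CAP_SYS_PTRACE is needed, and capable() then lets the secondary module see that same check) as a toy userspace model. This is an added example for this archive page, not kernel code and not anything from the patch under discussion. It assumes 32-bit capability masks, tasks carrying a string label in place of a SELinux context, a constructed policy in secondary_capable() that denies CAP_SYS_PTRACE to the label "confined_t", and a try_attach() helper that reports whether the secondary hook was consulted at all; the bit numbers for the two capabilities match linux/capability.h.

```c
/* Added example, not kernel code: a toy model of the check chain described
 * above.  commoncap's cap_ptrace() decides *whether* CAP_SYS_PTRACE is
 * needed; capable() then routes that check through a secondary module's
 * capable hook (a stand-in for SELinux), so the secondary module never has
 * to duplicate cap_ptrace's "is this a privileged attach?" logic.
 * Assumptions: capability sets are 32-bit masks, tasks carry a string
 * label, and the secondary module's policy is constructed inline. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t cap_t;

/* Bit numbers follow linux/capability.h. */
#define CAP_NET_ADMIN   ((cap_t)1 << 12)
#define CAP_SYS_PTRACE  ((cap_t)1 << 19)

struct task {
    const char *label;       /* stand-in for a SELinux security context */
    cap_t cap_permitted;
    cap_t cap_effective;
};

static int secondary_calls;  /* how often the secondary hook was consulted */

/* Secondary module's capable hook.  Constructed policy: a task labelled
 * "confined_t" may never exercise CAP_SYS_PTRACE.  Returns 0 or -EPERM. */
static int secondary_capable(const struct task *tsk, cap_t cap)
{
    secondary_calls++;
    if (cap == CAP_SYS_PTRACE && strcmp(tsk->label, "confined_t") == 0)
        return -EPERM;
    return 0;
}

/* capable(): the commoncap test (cap in the effective set) followed by the
 * secondary module's check, mirroring how the kernel's capable() ends up
 * in security_capable(). */
static bool capable(const struct task *tsk, cap_t cap)
{
    if (!(tsk->cap_effective & cap))
        return false;
    return secondary_capable(tsk, cap) == 0;
}

/* Model of commoncap's cap_ptrace(): capable() is consulted only when the
 * child's permitted set is not a subset of the tracer's. */
static int cap_ptrace(const struct task *tracer, const struct task *child)
{
    bool subset = (child->cap_permitted & ~tracer->cap_permitted) == 0;
    if (!subset && !capable(tracer, CAP_SYS_PTRACE))
        return -EPERM;
    return 0;
}

struct attempt {
    int rc;                   /* 0 or -EPERM */
    int secondary_consulted;  /* 1 if the secondary hook ran, else 0 */
};

/* Run one attach attempt with constructed tasks and report both the
 * result and whether the secondary module was ever asked. */
static struct attempt try_attach(const char *tracer_label, cap_t tracer_caps,
                                 cap_t child_caps)
{
    struct task tracer = { tracer_label, tracer_caps, tracer_caps };
    struct task child  = { "child_t", child_caps, child_caps };
    int before = secondary_calls;
    struct attempt a;

    a.rc = cap_ptrace(&tracer, &child);
    a.secondary_consulted = secondary_calls - before;
    return a;
}

int main(void)
{
    struct attempt a;

    /* Privileged attach by an unconfined tracer: secondary consulted, allowed. */
    a = try_attach("unconfined_t", CAP_SYS_PTRACE, CAP_NET_ADMIN);
    printf("unconfined, child has extra caps: rc=%d consulted=%d\n", a.rc, a.secondary_consulted);

    /* Same attach by a confined tracer: secondary consulted, denied. */
    a = try_attach("confined_t", CAP_SYS_PTRACE, CAP_NET_ADMIN);
    printf("confined, child has extra caps:   rc=%d consulted=%d\n", a.rc, a.secondary_consulted);

    /* Child's caps are a subset: cap_ptrace() never calls capable(), so the
     * secondary module is not asked and needs no copy of the subset logic. */
    a = try_attach("confined_t", CAP_SYS_PTRACE, 0);
    printf("confined, child caps subset:      rc=%d consulted=%d\n", a.rc, a.secondary_consulted);
    return 0;
}
```

The point to notice is the third scenario: the secondary module is never consulted, yet the outcome is still correct, because the decision of when CAP_SYS_PTRACE matters lives in cap_ptrace() alone. Had the secondary hook been required to make that decision on its own, it would need its own copy of the subset comparison, which is the duplication the message argues against.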
This archive was generated by hypermail 2.1.3 : Tue Dec 07 2004 - 12:53:03 PST