Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

• Previous message: Serge Hallyn: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• In reply to: Serge Hallyn: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Next in thread: Chris Wright: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Next in thread: Chris Wright: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Reply: Chris Wright: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, 2004-12-17 at 16:00, Serge Hallyn wrote:
> Is that the behavior we want to preserve?  Or do we want to go ahead and
> use capable(CAP_SYS_ADMIN) in the dummy version?

IMHO, having vm_enough_memory trigger setting of the PF_SUPERPRIV flag
is a mistake.  dummy and capability should only be calling their own
private capable functions, not the top-level one.

-- 
Stephen Smalley <sds@private>
National Security Agency

• Previous message: Serge Hallyn: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• In reply to: Serge Hallyn: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Next in thread: Chris Wright: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Next in thread: Chris Wright: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Reply: Chris Wright: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Dec 17 2004 - 12:28:59 PST