Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

From: Chris Wright (chrisw@private)
Date: Fri Dec 17 2004 - 12:46:23 PST

* Stephen Smalley (sds@private) wrote:
> On Fri, 2004-12-17 at 15:29, Chris Wright wrote:
> > Why do you consider it a mistake?  It marks that you used a capability to
> > be able to grab that last bit of reserved memory?  Seems valid enough.
> > I can see it as troubling in the case where it's just used to mark a
> > flag on function call which may not be used.
> It is called while computing the amount of free space, and is thus
> always applied, right?  Even if you aren't using that extra space
> reserved for root.  Or did I miss something?

Ah, yeah I see what you mean.  So calling ->capable() there is better.
Although, I have to admit, PF_SUPERPRIV is a pretty uninspired bit of
info IMHO ;-)

Linux Security Modules
