Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

From: Chris Wright (chrisw@private)
Date: Fri Dec 17 2004 - 12:46:23 PST


* Stephen Smalley (sds@private) wrote:
> On Fri, 2004-12-17 at 15:29, Chris Wright wrote:
> > Why do you consider it a mistake?  It marks that you used a capability to
> > be able to grab that last bit of reserved memory?  Seems valid enough.
> > I can see it as troubling in the case where it's just used to mark a
> > flag on function call which may not be used.
> 
> It is called while computing the amount of free space, and is thus
> always applied, right?  Even if you aren't using that extra space
> reserved for root.  Or did I miss something?

Ah, yeah I see what you mean.  So calling ->capable() there is better.
Although, I have to admit, PF_SUPERPRIV is a pretty uninspired bit of
info IMHO ;-)

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


