Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

From: Chris Wright (chrisw@private)
Date: Fri Dec 17 2004 - 12:15:50 PST


* Serge Hallyn (serue@private) wrote:
> On Fri, 2004-12-17 at 09:15 -0800, Chris Wright wrote:
> > Yes I think we want to avoid duplication whereever possible, it's just
> > asking for stale code.  The dummy logic wasn't using capable()
> > so it's not a full copy (easy to remedy).
> 
> Is that the behavior we want to preserve?  Or do we want to go ahead and
> use capable(CAP_SYS_ADMIN) in the dummy version?

The dummy version of capable == euid check, so moving to capable is
fine.  Only diff is with PF_SUPERPRIV (guess it should've been doing it
already).  In general, using generic helpers is by far the preferred
method.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net



This archive was generated by hypermail 2.1.3 : Fri Dec 17 2004 - 12:47:33 PST