Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

From: Serge Hallyn (serue@private)
Date: Fri Dec 17 2004 - 14:52:23 PST


Oh, so it does.  Sorry.

The attached patch moves the helper to security.c:__vm_enough_memory(),
and switches dummy_vm_enough_memory to use it as well.  cap_ and dummy_
use their own capable() functions for CAP_SYS_ADMIN.

I hope I've got the logic right this time.  Behavior seems the same as
under FC3 stock kernel, but honestly neither does what I'd expect.  (I
plan to look into why next week  :)

FYI, I will be on the road this weekend without net access.

thanks,
-serge

On Fri, 2004-12-17 at 13:03 -0800, Chris Wright wrote:
> * Serge E. Hallyn (serue@private) wrote:
> > Yes, using the common helper, that would be the case.
> 
> Even without common helper, the code uses the capability bit to determine
> what size free and n or allowed are, where it may not be up against any
> critical boundary.
> 
> thanks,
> -chris
-- 
Serge Hallyn <serue@private>





This archive was generated by hypermail 2.1.3 : Fri Dec 17 2004 - 13:39:26 PST