* Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> On Thu, 2003-04-24 at 09:03, Christoph Hellwig wrote:
> > Hmm, what would you think of changing the xattr_trusted security
> > model to fit your needs? It's so far unused outside XFS and there's
> > maybe a chance changing it.
>
> It would require removing the capable(CAP_SYS_ADMIN) checks from the
> xattr_trusted.c handler and implementing them in the capabilities
> security module (and corresponding superuser tests in the dummy security
> module) via the inode_setxattr and inode_getxattr hook functions. This
> would then permit security modules to implement their own permission
> checking logic for getxattr and setxattr calls for their attributes, and
> it would allow security modules to internally call the getxattr and
> setxattr inode operations without being subjected to these checks in
> order to manage the attributes.
Or perhaps introducing some of the CAP_MAC_* bits. In either case, it'd
be nice to reuse xattr_trusted if possible, IMHO.
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:17 EST