Re: [PATCH] [request for inclusion] Realtime LSM

From: Chris Wright
Date: Tue Jan 04 2005 - 22:46:48 EST

Next message: selvakumar nagendran: "Determining if a process blocks on a system call"
Previous message: Con Kolivas: "Re: How to write elegant C coding"
In reply to: Kyle Moffett: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Jack O'Quin: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Kyle Moffett (mrmacman_g4@xxxxxxx) wrote:
> Here's a relatively simple idea: Why not make the "Realtime LSM"
> just check for a certain "Realtime" credential in the new credential
> store (Patch is in 2.6.10, see [1] for control program). You would
> mark it as a system credential and give access to that credential via
> the appropriate capability with a small utility program.

Well, that's basically what the gid is in this case. It's the credential
that's set at login time and has all the proper sharing and inheritance
rules. So, I'm not yet convinced that this would buy us much.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: selvakumar nagendran: "Determining if a process blocks on a system call"
Previous message: Con Kolivas: "Re: How to write elegant C coding"
In reply to: Kyle Moffett: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Jack O'Quin: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]