Re: [PATCH] [request for inclusion] Realtime LSM

From: Paul Davis
Date: Fri Jan 07 2005 - 11:28:16 EST


>It's quite probable that the current system of capabilities is not well
>suited for this, but I think that although it's tempting to work around it
>by introducing a new security module, in the long term it's much better
>to extend and/or fix the capabilities -- I don't see any fundamental reason
>for capabilities being unusable for this goal, it's much more likely to be
>just minor details in the implementation.

capabilities work - we use them in 2.4 where a helper suid application
gets the ball rolling, and then its child grants capabilities to new
clients.

the problem we have with capabilities is that capabilities are not
enabled by default in the vanilla kernel, and there seems to be
considerable advice suggesting that they should not be enabled.

--p