Re: [PATCH] [request for inclusion] Realtime LSM

From: Valdis . Kletnieks
Date: Fri Jan 07 2005 - 17:13:51 EST

Next message: Andrew Morton: "Re: grsecurity 2.1.0 release / 5 Linux kernel advisories (fwd)"
Previous message: Andries Brouwer: "Re: /dev/random vs. /dev/urandom"
In reply to: Andrew Morton: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Chris Wright: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 07 Jan 2005 13:49:41 PST, Andrew Morton said:

> Chris Wright <chrisw@xxxxxxxx> wrote:

> > Last I checked they could be controlled separately in that module. It
> > has been suggested (by me and others) that one possible solution would
> > be to expand it to be generic for all caps.
>
> Maybe this is the way?

We already *know* how to (in principle) fix the capabilities system to make
it useful. We should probably investigate doing that and at the same time
fixing the current CAP_SYS_ADMIN mess (which we also have at least some ideas
on fixing). The remaining problem is possible breakage of software that's doing
capability things The Old Way (as the inheritance rules are incompatible).

Linus at one time said that a 2.7 might open if there was some issue that
caused enough disruption to require a fork - could this be it, or does somebody
have a better way to address the backward-combatability problem?

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Andrew Morton: "Re: grsecurity 2.1.0 release / 5 Linux kernel advisories (fwd)"
Previous message: Andries Brouwer: "Re: /dev/random vs. /dev/urandom"
In reply to: Andrew Morton: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Chris Wright: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]