On Fri, Aug 26, 2005 at 02:00:56PM -0400, Stephen Smalley wrote:
>
> That makes capability part of the core kernel again, just like DAC,
> which means that you can never override a capability denial in your
> module. We sometimes want to override the capability implementation,
> not just apply fu
* Stephen Smalley ([EMAIL PROTECTED]) wrote:
> That one isn't so much an issue as the xattr ones and vm_enough_memory
> case. But more generally, if you think about moving toward a place
> where one can grant privileges to processes based solely on their
> role/domain, you'll need the same ability
On Fri, Aug 26, 2005 at 10:59:52AM -0700, Chris Wright wrote:
> * Tony Jones ([EMAIL PROTECTED]) wrote:
> > The discussion about composing with commoncap made me think about whether
> > this is the best way to do this. It seems that we're heading towards a
> > requirement that every module intern
On Fri, 2005-08-26 at 10:31 -0700, Tony Jones wrote:
> On Wed, Aug 24, 2005 at 06:20:30PM -0700, Chris Wright wrote:
>
> > static inline int security_ptrace (struct task_struct * parent, struct
> > task_struct * child)
> > {
> > +#ifdef CONFIG_SECURITY
> > return security_ops->ptrace (paren
* Tony Jones ([EMAIL PROTECTED]) wrote:
> The discussion about composing with commoncap made me think about whether
> this is the best way to do this. It seems that we're heading towards a
> requirement that every module internally compose with commoncap.
Not a requirement, it's a choice ATM.
On Wed, Aug 24, 2005 at 06:20:30PM -0700, Chris Wright wrote:
> static inline int security_ptrace (struct task_struct * parent, struct
> task_struct * child)
> {
> +#ifdef CONFIG_SECURITY
> return security_ops->ptrace (parent, child);
> +#else
> + return cap_ptrace (parent, child);
>
Collapse security stubs so that the def'n is done in one spot with ifdef
in function body rather than two separately defined functions.
Patch from Kurt Garloff <[EMAIL PROTECTED]>, and slightly altered by me to
make all ifdef sites consistent and move the prototype decl's to a sane
spot.
Signed-o
7 matches
Mail list logo
