As suggested by Stephen Smalley: map the various sys_syslog operations
to a smaller set of privilege codes before calling security modules.
This patch changes the security module interface! There should be no
change in the actual security semantics enforced by dummy, capability,
nor SELinux (with
On Thu, 14 Dec 2006 17:21:25 -0800 Zack Weinberg wrote:
> On 12/14/06, Randy Dunlap <[EMAIL PROTECTED]> wrote:
> > > +#define security_syslog_or_fail(type) do { \
> > > + int error = security_syslog(type); \
> > > + if (error) \
>
On 12/14/06, Randy Dunlap <[EMAIL PROTECTED]> wrote:
> +#define security_syslog_or_fail(type) do { \
> + int error = security_syslog(type); \
> + if (error) \
> + return error; \
> + } wh
On Thu, 14 Dec 2006 16:16:41 -0800 Zack Weinberg wrote:
> As suggested by Stephen Smalley: map the various sys_syslog operations
> to a smaller set of privilege codes before calling security modules.
> This patch changes the security module interface! There should be no
> change in the actual sec
As suggested by Stephen Smalley: map the various sys_syslog operations
to a smaller set of privilege codes before calling security modules.
This patch changes the security module interface! There should be no
change in the actual security semantics enforced by dummy, capability,
nor SELinux (with
5 matches
Mail list logo
