Quoting Andrew Morgan ([EMAIL PROTECTED]): > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Serge E. Hallyn wrote: > >> Yes. I'd thought about adding a security_ops->inode_change() or > >> somesuch hook, but there were two reasons I didn't. First, this > >> should be done whether or not the capability module is loaded in > >> this kernel. If we're testing a kernel with only the dummy > > I'm not sure I know what the right behavior is in this case. A system > administration argument can be made for both behaviors. > > >> module, we still want this to happen. Second, only the capability > >> module needs this so far. If more modules end up needing this then > > Yes, it appears that this is currently the case. However, there has to > be a first user for everything! :-) > > >> we can make it more generic. But note that most security modules > >> will likely label data the way selinux does, for classification for > >> access control, rather than for granting privilege to unprivileged > >> processes. > > My main concern is that when this change is merged into the kernel, we > are likely to receive more (negative) feedback for a change that cannot > be compiled out... Since the security module infrastructure was created > exactly to abstract this sort of detail, and you have been able to add > support so far without adding code outside the security/ directory, it > feels, to me, like the 'right thing' to fold this change into the LSM > framework too.
Ok, it'll probably be a couple of days before I can look at this again, so maybe a cleaner way to make it more generic will come to me in the mean time. Meanwhile, any chance you would get some time to implement the cap_bset vs fcaps change you wanted? I'd have to look at my checklist to be sure, but I think that, a version of this patch, and then somehow addressing James' request for config-able forward compability of capabilities may finish off the feature request list (as it currently stands at least). thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
