lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Oct 2007 20:50:30 +0100 (CET) From: Jan Engelhardt <jengelh@...putergmbh.de> To: Casey Schaufler <casey@...aufler-ca.com> cc: Peter Dolding <oiaohm@...il.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface) On Oct 30 2007 12:14, Casey Schaufler wrote: > >while others including SELinux will go their own ways. So long >as LSMs are self contained and strictly restrictive the >mechanisms they use to modulate their behavior shouldn't be an >issue. If SELinux chooses to turn its MLS controls off between >midnight and 3am I can't see how that would be Smack's business, >even if they were somehow stacked. Multiple LSMs has issues, >like what should security_secid_to_secctx() return to the audit >system, but privilege model shouldn't be one of them. I am with you on that. And for everybody who missed it: MultiAdmin only grants rights at the same time commoncap does (e.g. on setuid and bprm_set_security). And all modules DO work with commoncap, now don't they? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists