[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1261874009.3684.58.camel@dyn9002018117.watson.ibm.com>
Date: Sat, 26 Dec 2009 19:33:29 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: "Serge E. Hallyn" <serue@...ibm.com>
Cc: Michael Stone <michael@...top.org>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Andi Kleen <andi@...stfloor.org>, David Lang <david@...g.hm>,
Oliver Hartkopp <socketcan@...tkopp.net>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Herbert Xu <herbert@...dor.apana.org.au>, Va@...per.es
Subject: Re: A basic question about the security_* hooks
On Thu, 2009-12-24 at 23:50 -0600, Serge E. Hallyn wrote:
<snip>
> Well, taking a step back - what exactly is the motivation for making this
> an LSM? Is it just to re-use the callsites? Or to provide a way to turn
> off the functionality? I ask bc the API is in the prctl code, so the LSM
> is conceptually always there, which is different from other LSMs.
>
> So if you (or your audience) really want this to be an LSM, then you should
> probably put your prctl code in a security_task_prctl() hook. Otherwise,
> perhaps we should just explicitly call your hooks in wrappers - or whatever was
> finally decided should be done with the security/integrity/ima hooks.
>
> -serge
Any place that a security hook and the IMA call co-existed, the IMA call
was moved to the security_ hook (security/security.c).
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists