Re: [RFC] LSM changes for 2.5.38

Christoph Hellwig (hch@infradead.org)
Fri, 27 Sep 2002 18:01:18 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mike Anderson: "Re: [PATCH] deadline io scheduler"
Previous message: Shaya Potter: "Re: using memset in a module"

On Fri, Sep 27, 2002 at 09:55:56AM -0700, Greg KH wrote:
> For cases like the module_* hooks, and the other examples you pointed
> out, I agree.
>
> For other cases, capable() is just not fine grained enough to actually
> know what is going on (like CAP_SYS_ADMIN). In those cases you need an
> extra hook to determine where in the kernel you are.

Either we make capable fine grained enough (64 or 128bit capability
vectors, I have some old code for that around and I know SGI used that
more than a year ago) or we replace the capable in those cases with hooks
entirely.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Anderson: "Re: [PATCH] deadline io scheduler"
Previous message: Shaya Potter: "Re: using memset in a module"