capable is needed to be checked, as we are not modifying the existing
permission logic.
> Also is there a _real_ need to pass in all the arguments?
I'll let Stephen answer that one, as SELinux uses it.
Oops, ok, nevermind, I don't see _any_ security module using this hook.
In fact they are using the capable(CAP_SYS_RAWIO) hook, which is exactly
what you suggest :)
I'll go remove it.
> > return -EPERM;
> > }
> > + retval = security_ops->iopl(old, level);
> > + if (retval) {
> > + return retval;
> > + }
> > +
>
> again (and another few times)
Ok, again, no one is using it. I'll go remove it (and go audit all of
the other hooks.)
> > + * @module_create:
> > + * Check the permission before allocating space for a module.
> > + * @name contains the module name.
> > + * @size contains the module size.
> > + * Return 0 if permission is granted.
> > + * @module_initialize:
> > + * Check permission before initializing a module.
> > + * @mod contains a pointer to the module being initialized.
> > + * Return 0 if permission is granted.
>
> Umm, you can't tell me you deny someone to initialize a module he has
> just created?
Bah, ok, again no one uses these either.
Consider me roasted, I'll go audit this whole thing to try to justify
every one of the hooks we ask for.
Very sorry for bothering people.
thanks,
greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/