Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Chris Wright (chris@wirex.com)
Thu, 24 Apr 2003 13:47:02 -0700


* Andreas Dilger (adilger@clusterfs.com) wrote:
>
> Couldn't that be used to do the trusted-namespace- means-CAP_SYS_ADMIN
> checks, but it can be replaced by other LSM security modules if desired?

I think that's what Stephen is saying. The issue is, the "trusted."
handler uses CAP_SYS_ADMIN internally, after any other LSM check has
already occurred. And the capable() check is too simple to know things
like which inode's xattr is in question at the moment or which namespace.
So Stephen was suggesting moving it out of the handler and putting it
in core code.

cheers,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/