Re: [PATCH] Realtime LSM

[Lee Revell]

On Sun, 2004-09-12 at 09:58, James Morris wrote:
> On Sun, 12 Sep 2004, Lee Revell wrote:
> 
> > +config SECURITY_REALTIME
> > +	tristate "Realtime Capabilities"
> > +	depends on SECURITY && SECURITY_CAPABILITIES!=y
> > +	default n
> > +	help
> > +	  Answer M to build realtime support as a Linux Security
> > +	  Module.  Answering Y to build realtime capabilities into the
> > +	  kernel makes no sense.
> 
> Why not just make it a bool then?
> 

Good idea.

> I wonder if it might be better to specify configuration via 
> /proc/<pid>/attr rather than module parameters.
> 

This would not work for several reasons.  How would you decide who is
allowed to run RT processes?  Root would have to set the above value,
which defeats the purpose of the realtime-lsm module which is to
selectively allow non-root users to run RT tasks.

Here is a good summary of the security issues that have been raised:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=269661

Realtime-lsm solves all of these problems.

Lee

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/