Re: [RFC][PATCH] Privilege dropping security module

From: Rob Meijer
Date: Mon Sep 28 2009 - 01:52:45 EST

Next message: Mike Galbraith: "Re: IO scheduler based IO controller V10"
Previous message: KAMEZAWA Hiroyuki: "Re: No more bits in vm_area_struct's vm_flags."
In reply to: Andy Spencer: "Re: [RFC][PATCH] Privilege dropping security module"
Next in thread: David Wagner: "Re: [RFC][PATCH] Privilege dropping security module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, September 26, 2009 23:35, Andy Spencer wrote:
>> It's amazing who much of this stuff there is to attend to. If you
>> haven't, run checkpatch.py on your patches. You'll need to pass that
>> eventually.
>
> I've fixed the remaining things that checkpatch.pl suggests as well as a
> few others and will include those checks for future patches.
>
>
>> Hmm. You are working with the Linux DAC mechanism, even if only within
>> a process tree. You're not dropping privilege, you're applying a mask
>> to the file permission bits, currently for file system objects, and
>> with other objects (sysvipc at least) in the future. Hmm. modemask?
>> Something derived from "restricted process tree?"
>
> `Access Control Masking' or `Policy Masking' perhaps?
>

Or 'Permission Attenuation' ?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Galbraith: "Re: IO scheduler based IO controller V10"
Previous message: KAMEZAWA Hiroyuki: "Re: No more bits in vm_area_struct's vm_flags."
In reply to: Andy Spencer: "Re: [RFC][PATCH] Privilege dropping security module"
Next in thread: David Wagner: "Re: [RFC][PATCH] Privilege dropping security module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]