Re: A basic question about the security_* hooks

From: Mimi Zohar
Date: Sat Dec 26 2009 - 19:33:39 EST

Next message: Valdis . Kletnieks: "Re: [tip:sched/urgent] sched: Restore printk sanity"
Previous message: Henrique de Moraes Holschuh: "Re: [PATCH] thinkpad_acpi.c: Remove #define TPACPI_<level>s forprintks"
In reply to: Casey Schaufler: "Re: A basic question about the security_* hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2009-12-24 at 23:50 -0600, Serge E. Hallyn wrote:

<snip>

> Well, taking a step back - what exactly is the motivation for making this
> an LSM? Is it just to re-use the callsites? Or to provide a way to turn
> off the functionality? I ask bc the API is in the prctl code, so the LSM
> is conceptually always there, which is different from other LSMs.
>
> So if you (or your audience) really want this to be an LSM, then you should
> probably put your prctl code in a security_task_prctl() hook. Otherwise,
> perhaps we should just explicitly call your hooks in wrappers - or whatever was
> finally decided should be done with the security/integrity/ima hooks.
>
> -serge

Any place that a security hook and the IMA call co-existed, the IMA call
was moved to the security_ hook (security/security.c).

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "Re: [tip:sched/urgent] sched: Restore printk sanity"
Previous message: Henrique de Moraes Holschuh: "Re: [PATCH] thinkpad_acpi.c: Remove #define TPACPI_<level>s forprintks"
In reply to: Casey Schaufler: "Re: A basic question about the security_* hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]