Re: [RFC][PATCH] Privilege dropping security module
From: Rob Meijer
Date: Mon Sep 28 2009 - 01:52:45 EST
On Sat, September 26, 2009 23:35, Andy Spencer wrote:
>> It's amazing who much of this stuff there is to attend to. If you
>> haven't, run checkpatch.py on your patches. You'll need to pass that
>> eventually.
>
> I've fixed the remaining things that checkpatch.pl suggests as well as a
> few others and will include those checks for future patches.
>
>
>> Hmm. You are working with the Linux DAC mechanism, even if only within
>> a process tree. You're not dropping privilege, you're applying a mask
>> to the file permission bits, currently for file system objects, and
>> with other objects (sysvipc at least) in the future. Hmm. modemask?
>> Something derived from "restricted process tree?"
>
> `Access Control Masking' or `Policy Masking' perhaps?
>
Or 'Permission Attenuation' ?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/