* Chris Wright ([email protected]) wrote:
> * Stephen Smalley ([email protected]) wrote:
> > e.g. if secondary_ops->capable is null, the SELinux tests aren't going
> > to show that, because they will still see that the SELinux permission
> > checks are working correctly. They only test failure/success for the
> > SELinux permission checks, not for the capability checks, so if you
> > unhook capabilities, they won't notice.
>
> Yes, I see. I thought the tests you were referring to were
> "if (secondary_ops->capable)" not LTP tests. Capability is still a
> module that can be loaded (or built-in). So the only issue is it's
> security_ops is now NULL where it was a trivial return 0 function.
> Aside from the oversight Serge fixed, I don't think there's any issue.
Bah, of course, that's inaccurate because you unconditionally set the
secondary to the default. So, indeed, the default case (nothing actively
loaded as secondary) will get secondary_ops filled with NULL only.
Seems simplest to just fill the default with cap calls where applicable,
but I had hoped to eliminate that.
Thoughts?
thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |