On Mon, Sep 18, 2006 at 07:46:06AM -0400, Joshua Brindle wrote: > And that is just practical stuff, there are still problems with > embedding policy into binaries all over the system in an entirely > non-analyzable way, and this extends to all capabilities, not just the > open() one. Some people prefer the policy to be embedded into binaries all over the system rather than centralized in one place. I think it's just a question of choice: if you don't like this way of doing things, you don't have to use it, of course (my "cuppabilities" module would be entirely optional). Happy hacking, -- David A. Madore ([email protected], http://www.madore.org/~david/ ) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- References:
- [PATCH 1/4] security: capabilities patch (version 0.4.4), part 1/4: enlarge capability sets
- From: David Madore <[email protected]>
- [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: David Madore <[email protected]>
- Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: Alan Cox <[email protected]>
- Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: Joshua Brindle <[email protected]>
- Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: Pavel Machek <[email protected]>
- Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: Joshua Brindle <[email protected]>
- Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: David Madore <[email protected]>
- Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- From: Joshua Brindle <[email protected]>
- [PATCH 1/4] security: capabilities patch (version 0.4.4), part 1/4: enlarge capability sets
- Prev by Date: Exporting array data in sysfs
- Next by Date: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- Previous by thread: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- Next by thread: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
- Index(es):