On Tue, Oct 02, 2018 at 06:08:16AM +1000, James Morris wrote: > On Mon, 1 Oct 2018, Darrick J. Wong wrote: > > > If we /did/ replace CAP_SYS_ADMIN checking with a pile of LSM hooks, > > Not sure we'd need a pile of hooks, what about just "read" and "write" > storage admin? > > Or even two new capabilities along these lines, which we convert existing > CAP_SYS_ADMIN etc. to? So instead of having hundreds of management ioctls under CAP_SYS_ADMIN, we'd now have hundreds of non-storage ioctls under CAP_SYS_ADMIN and hundreds of storage ioctls under CAP_SYS_STORAGE_ADMIN? Maybe I'm missing something, but I don't see how that improves the situation w.r.t. locked down LSM configurations? Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
