On Monday 2010-08-23 20:45, Luciano Coelho wrote: >> But it looks as strange as the Yama code attempt. > >What is so strange about it? Is it because it's possible to set the >capability requirement from modprobe arguments? The capability check >already exists in at least in nfnetlink, where it checks for received >messages for the CAP_NET_ADMIN capability. Is it strange because we're >checking for the capability when someone tries to write to a file? It is strange that you check this capability from a module focused on packet handling. For lack of a better example, it's as if you tried to check the uid of the file, the latter of which is better left to the routines in fs/. >> This is the one time >> where I would personally be looking into SELinux, or perhaps SMACK if >> the former is too complex, to whether _t'ing off procfs is possible. > >Yeah, but it's not up to me to decide this. We have one entire team >dedicated to figuring out how to ensure "security" in our device. It >was that team who advised us to protect this file by checking for >CAP_NET_ADMIN. You can do whatever you want with your product. I am just saying this does not look like kernel material, and I suppose it won't go well with the maintainers up the chain either. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
