On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote: > On Fri, 16 Nov 2007, Eric Paris wrote: > > > On a kernel with CONFIG_SECURITY but without an LSM which implements > > security_file_mmap it is impossible for an application to mmap addresses > > lower than mmap_min_addr. > > Actually, should we be doing any checking in the dummy module, given that > it is not done with !CONFIG_SECURITY ? I'm not sure I understand the question. We already do a number of capable type security checks in dummy functions. See dummy_settime() as just one example. If we have !CONFIG_SECURITY we don't have any security protections (how could we? we turned them off) so we don't get into dummy hooks. If we do checks or not in uncompiled code doesn't seem to me to matter. Maybe I'm just confused... -Eric -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
