On Fri, 16 Nov 2007, Eric Paris wrote:

> When this protection was originally conceived it intentionally was
> offering something even without a more 'full featured' LSM. That was the
> whole reason I had to drop the secondary stacking hook inside the
> selinux code.
>
> While I now understand the question, I think that this is the behavior
> most people would want. I'll revert the security enhancement for
> non-LSM systems if others agree with James, but I think adding another
> small bit of protection against kernel flaws for everyone who wants
> security is a win. (and remember, in kernel we still default this to
> off so no one is going to 'accidentally' see any security checks in the
> dummy hooks)

If it's off by default and generally useful across LSMs, why not just put
it in the base kernel code?

- James
--
James Morris <jmorris@xxxxxxxxx>