On Tue, 21 Jul 2009, James Carter wrote: > Agreed. That guarantee has been stated from the very beginning for > SELinux; we shouldn't move away from it. Are there other places where > having an LSM weakens security by default? There's a similar form of hook in vm_enough_memory, but the SELinux module calls the DAC capability check first, so it seems ok from a policy writer's point of view (i.e. worst case is they revert to DAC). - James -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
