On Thu, Sep 13, 2018 at 5:03 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 9/13/2018 4:51 PM, Kees Cook wrote: >> So, before we can really make a decision, I think we have to decide: >> should ordering be arbitrary for even this level of stacking? > > Do we have a case where it matters? I know that I could write a > module that would have issues if one hook got called and another > didn't because because a precursor module hook failed. I don't > think that any of the existing modules have this problem. FWIW, I prefer having explicit ordering that cannot be changed at runtime. I'm just concerned about painting ourselves (further) into a corner with security= suddenly gaining ordering semantics, but maybe I can just ignore this and we can point and laugh at anyone who gets burned by some future change to making it order-sensitive. :) -Kees -- Kees Cook Pixel Security _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
