Re: [RFC PATCH] security, capability: pass object information to security_capable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 12 Jul 2019, Stephen Smalley wrote:

> > > If we want to apply least privilege, then this is a desirable facility.
> > 
> > The capability mechanism is object agnostic by design.
> 
> Some might argue that's a flawed design.

Narrator: it's a flawed design.

> > > I understand that doesn't mesh with Smack's mental modelbut it would
> > > probably be useful to both SELinux and AppArmor, among others.
> > 
> > I'm perfectly happy to have the information transmitted.
> > I think a separate interface for doing so is appropriate.
> 
> As above, I don't see any way to do that that isn't just adding overhead.
> 

Agreed, and even so, part of the point of LSM is to allow existing 
security models to be extended to meet a wider range of security 
requirements.

-- 
James Morris
<jmorris@xxxxxxxxx>




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux