On Fri, 12 Jul 2019, Stephen Smalley wrote: > > > If we want to apply least privilege, then this is a desirable facility. > > > > The capability mechanism is object agnostic by design. > > Some might argue that's a flawed design. Narrator: it's a flawed design. > > > I understand that doesn't mesh with Smack's mental modelbut it would > > > probably be useful to both SELinux and AppArmor, among others. > > > > I'm perfectly happy to have the information transmitted. > > I think a separate interface for doing so is appropriate. > > As above, I don't see any way to do that that isn't just adding overhead. > Agreed, and even so, part of the point of LSM is to allow existing security models to be extended to meet a wider range of security requirements. -- James Morris <jmorris@xxxxxxxxx>
