On 7/12/2019 9:35 PM, James Morris wrote: > On Fri, 12 Jul 2019, Stephen Smalley wrote: > >>>> If we want to apply least privilege, then this is a desirable facility. >>> The capability mechanism is object agnostic by design. >> Some might argue that's a flawed design. > Narrator: it's a flawed design. > >>>> I understand that doesn't mesh with Smack's mental modelbut it would >>>> probably be useful to both SELinux and AppArmor, among others. >>> I'm perfectly happy to have the information transmitted. >>> I think a separate interface for doing so is appropriate. >> As above, I don't see any way to do that that isn't just adding overhead. >> > Agreed, and even so, part of the point of LSM is to allow existing > security models to be extended to meet a wider range of security > requirements. We bow to the wisdom of the Maintainer.
