On Fri, 16 Nov 2007, Eric Paris wrote: > When this protection was originally concieved it intentionally was > offing something even without an more 'full featured' LSM. That was the > whole reason I had to drop the secondary stacking hook inside the > selinux code. > > While I now understand the question, I think that this is the behavior > most people would want. I'll revert the security enhancement for > non-LSM systems if others agree with James, but I think adding another > small bit of protection against kernel flaws for everyone who wants > security is a win. (and remember, in kernel we still default this to > off so noone is going to 'accidentally' see and security checks in the > dummy hooks)
If it's off by default and generally useful across LSMs, why not just put it in the base kernel code? - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
