--- Andrew Morgan <[EMAIL PROTECTED]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Attached is a quick RFC patch for modifying the way the LSMs handle
> prctl() checks. Currently, the only thing LSMs can do with prctl() calls
> is add more restrictions to their use than the default kernel.

That is the restrictive (as opposed to authoritative) nature of the LSM interface.

> What this patch does is make it possible for an LSM to fake a successful
> prctl() call, and also support LSM-specific prctl()s; ones that are only
> supported when the particular LSM is loaded.
>
> Please comment

Faking a successful system call would require an authoritative interface. Not that I'm opposed, mind you, but I expect others may be. (insert smiley here)

The restrictive nature of the LSM is why Smack uses /proc interfaces to manipulate process attributes. Is there something you're looking to do for which a /proc interface is inappropriate?

Casey Schaufler
[EMAIL PROTECTED]
