[RFC PATCH] security, capability: pass object information to security_capable
James Morris
jmorris at namei.org
Sat Jul 13 04:35:44 UTC 2019
On Fri, 12 Jul 2019, Stephen Smalley wrote:
> > > If we want to apply least privilege, then this is a desirable facility.
> >
> > The capability mechanism is object agnostic by design.
>
> Some might argue that's a flawed design.
Narrator: it's a flawed design.
> > > I understand that doesn't mesh with Smack's mental modelbut it would
> > > probably be useful to both SELinux and AppArmor, among others.
> >
> > I'm perfectly happy to have the information transmitted.
> > I think a separate interface for doing so is appropriate.
>
> As above, I don't see any way to do that that isn't just adding overhead.
>
Agreed, and even so, part of the point of LSM is to allow existing
security models to be extended to meet a wider range of security
requirements.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list