[RFC PATCH] security, capability: pass object information to security_capable

Casey Schaufler casey at schaufler-ca.com
Sat Jul 13 18:46:25 UTC 2019


On 7/12/2019 9:35 PM, James Morris wrote:
> On Fri, 12 Jul 2019, Stephen Smalley wrote:
>
>>>> If we want to apply least privilege, then this is a desirable facility.
>>> The capability mechanism is object agnostic by design.
>> Some might argue that's a flawed design.
> Narrator: it's a flawed design.
>
>>>> I understand that doesn't mesh with Smack's mental modelbut it would
>>>> probably be useful to both SELinux and AppArmor, among others.
>>> I'm perfectly happy to have the information transmitted.
>>> I think a separate interface for doing so is appropriate.
>> As above, I don't see any way to do that that isn't just adding overhead.
>>
> Agreed, and even so, part of the point of LSM is to allow existing 
> security models to be extended to meet a wider range of security 
> requirements.

We bow to the wisdom of the Maintainer.



More information about the Linux-security-module-archive mailing list