>An LSM hook can deny an action, but it can never empower a process to do something it would not have been allowed to do in the absence of the security module. The MultiAdm LSM [ http://lwn.net/Articles/255650/ ] can give regular users extra capabilities, empowering them to do something they would not have been allowed otherwise.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds