User: Password:
|
|
Subscribe / Log in / New account

LSM chaining ("stacking") is a good idea

LSM chaining ("stacking") is a good idea

Posted Jun 24, 2010 23:34 UTC (Thu) by cesarb (subscriber, #6266)
In reply to: LSM chaining ("stacking") is a good idea by dwheeler
Parent article: LSM stacking (again)

> If it's cumulatively restrictive, many of the problems of figuring out what's okay to combine are quite easy.

Adding restrictions is not always OK. There is always the risk of creating something like the "sendmail capabilities bug" (http://userweb.kernel.org/~morgan/sendmail-capabilities-w...).


(Log in to post comments)

LSM chaining ("stacking") is a good idea

Posted Jun 27, 2010 16:00 UTC (Sun) by nix (subscriber, #2304) [Link]

Yes, David mentioned that in the very next paragraph. His point stands, I think.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds