Re: [RFC] [PATCH] [0/6] LSM Stacking

From: Serge E. Hallyn
Date: Fri Nov 05 2004 - 11:34:58 EST

Next message: Dmitry Torokhov: "Re: [PATCH 2.6.10-rc1 2/5] driver-model: bus_recan_devices() locking fix"
Previous message: Andreas Schwab: "Re: Externalize SLIT table"
In reply to: Valdis . Kletnieks: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Next in thread: Stephen Smalley: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> One issue: I'm seeing this from /usr/sbin/sendmail:
>
> % /usr/sbin/sendmail
> drop_privileges: setuid(0) succeeded (when it should not)
>
> I've not tracked down what's causing this indigestion yet (I suspect some
> bad interaction with capabilities - that's what caused that message to be
> added to Sendmail in the first place).

Chris had mentioned the stacker_capable not being quite right. I'm
looking at it now, and yeah, it's a little convoluted. I think a simpler

if (!stacked_modules) {
/* same as before
}

final_result = 0;
for (m = stacked_modules; m; m = m->next) {
result = (m->module_operations).capable(tsk,cap);
if (result && !final_result) {
final_result = result;
if (short_circuit_capable)
break;
}
}
return final_result;

should be correct.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Torokhov: "Re: [PATCH 2.6.10-rc1 2/5] driver-model: bus_recan_devices() locking fix"
Previous message: Andreas Schwab: "Re: Externalize SLIT table"
In reply to: Valdis . Kletnieks: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Next in thread: Stephen Smalley: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]