On Wed, Jul 2, 2014 at 2:49 PM, Paul Moore [off-list ref] wrote:

On Monday, June 30, 2014 09:05:38 AM Andy Lutomirski wrote:

quoted

On Mon, Jun 30, 2014 at 3:28 AM, David Drysdale [off-list ref] wrote:

quoted

If the LSM does not provide implementations of the .file_lookup and
.file_install LSM hooks, always use the Capsicum implementations.

The Capsicum implementation of file_lookup checks for a Capsicum
capability wrapper file and unwraps to if the appropriate rights
are available.

The Capsicum implementation of file_install checks whether the file
has restricted rights associated with it.  If it does, it is replaced
with a Capsicum capability wrapper file before installation into the
fdtable.

I think I fall on the "no LSM" side of the fence.  This kind of stuff
should be available regardless of selected LSM (as it is in your
code) ...

I agree.  Looking quickly at the patches, the code seems to take an odd
approach of living largely outside the LSM framework, but then relying on a
couple of LSM hooks.  Capsicum should either live fully as a LSM or fully
outside of it, this mix seems a bit silly to me.

Yeah, the end result was definitely a bit odd, hence the queries in the
cover email.  The consensus so far seems to be that they don't help,
so I'll remove the gratuitous LSM hooks on the next iteration.

Thanks,
David

--
paul moore
www.paul-moore.com