Re: /sbin/reboot and secmodel
On Tue, Mar 18, 2008 at 01:10:30AM +0200, Elad Efrat wrote:
> Christoph Badura wrote:
> >So, assuming that we would want to change our policy of signalling init(8)
> >to be overridable by different secmodel, why not just implement that?
> >I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process
> >tries to signal pid 1.
> That's only part of the problem: reboot signals init, but then also
> signals to (supposedly) all processes on the system with SIGTERM and
> SIGKILL to have them exit, too. While the reboot program will silently
> ignore the EPERMs, we'll only be pretending to have reboot working as
> it should. :)
The point is really that if we want to allow security models to authorize
actions that would normally be forbidden by the "standard" secmodels then the
secmodels have to return KAUTH_RESULT_DEFER instead of KAUTH_RESULT_DENY
when they want to signal that they disallow an action by default.
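
Added example, not part of the original message and not NetBSD source: a user-space C model of why a DENY from the default secmodel cannot be overridden by a second secmodel while a DEFER can. The aggregation rule (any DENY is final, otherwise one ALLOW suffices, all-DEFER is refused), the `may_reboot` attribute and the `reboot_model` listener are assumptions made for the illustration.

```c
/* User-space model of kauth(9) listener aggregation; not NetBSD kernel code. */
#include <stddef.h>

enum kauth_result { KAUTH_RESULT_ALLOW, KAUTH_RESULT_DENY, KAUTH_RESULT_DEFER };

/* Constructed request: a process asking to signal pid 1 (init). */
struct request {
    int uid;        /* caller's effective uid */
    int may_reboot; /* hypothetical attribute only the add-on secmodel reads */
};
typedef enum kauth_result (*listener_fn)(const struct request *);

/* Default model with the behaviour discussed in the thread: hard DENY. */
static enum kauth_result bsd44_deny(const struct request *r) {
    return r->uid == 0 ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DENY;
}

/* Proposed behaviour: "not allowed by me", leaving the decision open. */
static enum kauth_result bsd44_defer(const struct request *r) {
    return r->uid == 0 ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}

/* Hypothetical second secmodel that wants to authorize reboot operators. */
static enum kauth_result reboot_model(const struct request *r) {
    return r->may_reboot ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}

/* Assumed rule: any DENY is final; else one ALLOW suffices; all-DEFER fails. */
static int authorize(const listener_fn *l, size_t n, const struct request *r) {
    int allow = 0;
    for (size_t i = 0; i < n; i++) {
        enum kauth_result res = l[i](r);
        if (res == KAUTH_RESULT_DENY)
            return 0;
        if (res == KAUTH_RESULT_ALLOW)
            allow = 1;
    }
    return allow;
}

/* Returns 1 if signalling init is permitted with both secmodels loaded. */
int can_signal_init(int bsd44_defers, int uid, int may_reboot) {
    struct request r = { uid, may_reboot };
    listener_fn l[] = { bsd44_defers ? bsd44_defer : bsd44_deny, reboot_model };
    return authorize(l, 2, &r);
}

int main(void) { return can_signal_init(1, 1000, 1) ? 0 : 1; }
```

With DEFER as the default answer, a caller that no secmodel explicitly allows is still refused, so the change only opens the decision to listeners that return ALLOW.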