* Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote: > Attached you can find a patch which adds a new hook for the sys_chroot() > syscall, and makes us able to add additional enforcing and security > checks by using the Linux Security Modules framework (ie. chdir > enforcing, etc).
If you want to make a change like this, collapse the capable(CAP_SYS_CHROOT) check behind this hook, no point having two outcalls from same call site. What logic do you expect to put behind the chroot() hook? thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/