> -----Original Message-----
> From: Stephen Smalley [mailto:[email protected]]
> Sent: Monday, December 14, 2015 9:18 AM
> To: Roberts, William C <[email protected]>; seandroid-
> [email protected]
> Subject: Re: mac_override: What does ignore mean?
>
> On 12/14/2015 11:57 AM, Roberts, William C wrote:
> > According to:
> > http://selinuxproject.org/page/ObjectClassesPerms#capability2,
> > mac_override is ignored. What does that actually mean? Is it always
> > denied (my guess) or always allowed?
>
> It is never checked by SELinux, only by Smack.
>
What does that entail exactly? The messages printed to dmesg are "avc denied". Do the "is capable" checks call into SELinux and EPERM is always returned? I ask this in the context of an out-of-tree driver that is currently and incorrectly coded with a capable(MAC_OVERRIDE) check.
