On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
> Greg KH wrote:
> > Hm, in looking at the SELinux documentation, here's a list of the
> > syscalls they need:
> > http://www.nsa.gov/selinux/docs2.html
> >
> > That's a lot of syscalls :)
>
> Any idea if security identifiers change with each syscall?
>
> If not, a lot of the xxx_secure syscalls could go away...

None of them can go away. Security identifiers are for the operation you
perform.

For example open_secure() is so that you can specify the security context for
a new file that you are creating. connect_secure() is used to specify the
security context of the socket you want to connect to. In the default setup
the only way that connect_secure() and open_secure() can use the same SID is
for unix domain sockets (which are labeled with file types). A TCP connection
will be to a process, the SID of a process is not a valid type label for a
file.

lstat_secure(), recv_secure() and others are used to retrieve the security
context of the file, network message, etc.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:01:26 PDT