Re: [PATCH] remove sys_security

From: Russell Coker (russellat_private)
Date: Thu Oct 17 2002 - 14:00:05 PDT

  • Next message: David S. Miller: "Re: [PATCH] remove sys_security"

    On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
    > Greg KH wrote:
    > > Hm, in looking at the SELinux documentation, here's a list of the
    > > syscalls they need:
    > > 	http://www.nsa.gov/selinux/docs2.html
    > >
    > > That's a lot of syscalls :)
    >
    > Any idea if security identifiers change with each syscall?
    >
    > If not, a lot of the xxx_secure syscalls could go away...
    
    None of them can go away.
    
    Security identifiers are for the operation you perform.  For example 
    open_secure() is so that you can specify the security context for a new file 
    that you are creating.  connect_secure() is used to specify the security 
    context of the socket you want to connect to.  In the default setup the only 
    way that connect_secure() and open_secure() can use the same SID is for unix 
    domain sockets (which are labeled with file types).  A TCP connection will be 
    to a process, the SID of a process is not a valid type label for a file.
    
    lstat_secure(), recv_secure() and others are used to retrieve the security 
    context of the file, network message, etc.
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:01:26 PDT