Re: [PATCH] remove sys_security

From: Russell Coker (russellat_private)
Date: Thu Oct 17 2002 - 14:00:05 PDT


    On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
    > Greg KH wrote:
    > > Hm, in looking at the SELinux documentation, here's a list of the
    > > syscalls they need:
    > >
    > >
    > > That's a lot of syscalls :)
    > Any idea if security identifiers change with each syscall?
    > If not, a lot of the xxx_secure syscalls could go away...
    None of them can go away.
    Security identifiers are for the operation you perform.  For example 
    open_secure() is so that you can specify the security context for a new file 
    that you are creating.  connect_secure() is used to specify the security 
    context of the socket you want to connect to.  In the default setup the only 
    way that connect_secure() and open_secure() can use the same SID is for unix 
    domain sockets (which are labeled with file types).  A TCP connection will be
    to a process; the SID of a process is not a valid type label for a file.
    lstat_secure(), recv_secure() and others are used to retrieve the security 
    context of the file, network message, etc.

    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:01:26 PDT