Re: [PATCH] remove sys_security

From: Jeff Garzik (jgarzikat_private)
Date: Thu Oct 17 2002 - 14:10:03 PDT

    Russell Coker wrote:
    > On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
    > 
    >>Greg KH wrote:
    >>
    >>>Hm, in looking at the SELinux documentation, here's a list of the
    >>>syscalls they need:
    >>>	http://www.nsa.gov/selinux/docs2.html
    >>>
    >>>That's a lot of syscalls :)
    >>
    >>Any idea if security identifiers change with each syscall?
    >>
    >>If not, a lot of the xxx_secure syscalls could go away...
    > 
    > 
    > None of them can go away.
    > 
    > Security identifiers are for the operation you perform.  For example 
    > open_secure() is so that you can specify the security context for a new file 
    > that you are creating.  connect_secure() is used to specify the security 
    > context of the socket you want to connect to.  In the default setup the only 
    > way that connect_secure() and open_secure() can use the same SID is for unix 
    > domain sockets (which are labeled with file types).  A TCP connection will be 
    > to a process; the SID of a process is not a valid type label for a file.
    > 
    > lstat_secure(), recv_secure() and others are used to retrieve the security 
    > context of the file, network message, etc.
    
    
    What specific information differs per-operation, such that security 
    identifiers cannot be stored internally inside a file handle?
    
    	Jeff
    
    
    