Russell Coker wrote:
> On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
>
>>Greg KH wrote:
>>
>>>Hm, in looking at the SELinux documentation, here's a list of the
>>>syscalls they need:
>>> http://www.nsa.gov/selinux/docs2.html
>>>
>>>That's a lot of syscalls :)
>>
>>Any idea if security identifiers change with each syscall?
>>
>>If not, a lot of the xxx_secure syscalls could go away...
>
>
> None of them can go away.
>
> Security identifiers are for the operation you perform. For example
> open_secure() is so that you can specify the security context for a new file
> that you are creating. connect_secure() is used to specify the security
> context of the socket you want to connect to. In the default setup the only
> way that connect_secure() and open_secure() can use the same SID is for unix
> domain sockets (which are labeled with file types). A TCP connection will be
> to a process, the SID of a process is not a valid type label for a file.
>
> lstat_secure(), recv_secure() and others are used to retrieve the security
> context of the file, network message, etc.

What specific information differs per-operation, such that security
identifiers cannot be stored internally inside a file handle?

Jeff

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:10:34 PDT