Hi,

On Fri, Oct 18, 2002 at 12:14:16AM +0200, Russell Coker wrote:
> OK, how do you go about supplying extra data to a file open than to modify the
> open system call?
>
> If for example I want to create a file of context
> "system_u:object_r:fingerd_log_t" under /var/log (instead of taking the
> context from that of the /var/log directory "system_u:object_r:var_log_t")
> then how would I go about doing it other than through a modified open system
> call?

With a "setesid(2)" syscall to set the effective sid. A new file already
inherits a ton of context, from the current uid/gid to the umask. Those are
already selectable by setting up the current process context. And for the
uid/gid bits, we also have setfsuid to set the id for creation without causing
the whole process to suddenly change ownership.

A similar way of setting the effective sid for new object creation would
eliminate over 20 of the new sys_security syscalls in the SELinux patches.

--Stephen

_______________________________________________
linux-security-module mailing list
http://mail.wirex.com/mailman/listinfo/linux-security-module
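The mechanism the message refers to, as an added example that is not part of the original post or of any kernel patch: an unmodified open(2) picks up the new file's mode and owner from per-process state (umask and fsuid), which the caller sets before the call and restores afterwards. The helper names and the /tmp path are constructed for illustration; the proposed setesid(2) appears only in a comment and is not called.

```c
/* Added illustration: creation attributes taken from process state.
 * Linux-specific (setfsuid). Helper names and the path are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` with open(2) unchanged; the caller-selected umask is set
 * before the call and restored right after it. A per-process "effective
 * sid", as proposed in the message, would be set and restored at the same
 * two points (no such call is made here). Returns 0 and fills *st. */
int create_with_umask(const char *path, mode_t mask, struct stat *st)
{
    mode_t saved = umask(mask);          /* select the creation context */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(saved);                        /* restore it for later creations */
    if (fd < 0)
        return -1;
    int rc = fstat(fd, st);
    close(fd);
    return rc;
}

/* setfsuid(-1) never changes the id; it only returns the current fsuid. */
uid_t current_fsuid(void)
{
    return (uid_t)setfsuid((uid_t)-1);
}

/* Returns 1 if a new file got mode 0666 & ~mask and owner == fsuid. */
int demo(mode_t mask)
{
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/tmp/creation-ctx-%ld", (long)getpid());
    unlink(path);                        /* ignore a stale file from a prior run */
    if (create_with_umask(path, mask, &st) != 0)
        return -1;
    unlink(path);
    return (st.st_mode & 07777) == (0666 & ~mask) && st.st_uid == current_fsuid();
}

int main(void)
{
    printf("umask 027 -> %s\n", demo(027) == 1 ? "0640, owner = fsuid" : "unexpected");
    return 0;
}
```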