Re: [PATCH][RFC] Remove kmod_set_label hook

From: Chris Wright (chrisat_private)
Date: Thu Mar 27 2003 - 10:00:18 PST


    * Russell Coker (russellat_private) wrote:
    > Is kmod_t going away or going to cease being used for modprobe/hotplug?

    That's a policy decision for SELinux.  The kmod_set_label hook is gone,
    so it's not as obvious how to apply that Type.  Both are execve()'d, so
    there is _that_ domain transition, although it's potentially not the
    same transition that you'd expect when someone executes insmod from
    userspace directly.

    > I think that having the lockd thread in question running as kmod_t is not a
    > good idea, it's not what you would expect.  kernel_t would be the logical choice
    > as a new user would expect such a kernel thread to run in kernel_t.

    I'd expect lockd to run as kernel_t, not kmod_t.

    > A completely different SID would be OK, but then would we need a series of
    > different SIDs for different kernel threads?

    I don't think so.