On Fri, 2004-12-10 at 13:21, Serge Hallyn wrote: > A new patch taking in Stephen's comments is attached. This patch > defines the bprm_final_setup LSM hook, which is called after apply_creds > but with task_lock dropped. You can collapse the avc_has_perm_noaudit()+avc_audit() call into a avc_has_perm() call for the share check as well, eliminating the need for avd at all. You don't need bsec or sid for bprm_final_setup, it only deals with tsec. Caveat: Patches already queued up in -mm eliminate the AVC entry references entirely due to RCU, so your patch will have to be updated when you re-base. -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2.1.3 : Fri Dec 10 2004 - 09:24:19 PST