On Mon, 2005-01-31 at 15:33, Stephen Smalley wrote:
> Looks like noop_netlink_send is obsoleted by your change to stacker to
> intersect the results, and noop_netlink_recv could be avoided by
> dropping selinux_netlink_recv (which is identical to
> dummy/cap_netlink_recv anyway).

Actually, on second thought, I wonder if selinux_netlink_recv should be
calling avc_audit() upon a denial, as otherwise we will see no audit
message for a denial even if it is caused by the SELinux computation in
selinux_netlink_send. Similar issue for the audit subsystem's
capability checks on the receiver side.

--
Stephen Smalley <sds@private>
National Security Agency