On Fri, 2006-04-07 at 19:30 -0400, Catherine Zhang wrote:
> Hi, James, Stephen, Dave and Chris,
>
> Enclosed please find the updated AF_UNIX patch. It addressed three major
> issues in the previous patch.
>
> 1. No directly calling of the SELINUX function security_sid_to_context().
>    The fix is to export this and other similar functions through
>    wrapper functions in selinux/exports.c. Most of this code is copied
>    from James' outstanding patch:
>
> http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch

This will ultimately collide with the ongoing audit work to introduce similar SELinux in-kernel interfaces for audit-by-context, netlink sender audit, and audit collection of SIDs rather than contexts to avoid the significant performance penalty associated with context generation on every operation. Hence, you need to look to the patches on linux-audit or viro's audit-current git tree (lspp.b6 or possibly newer) to ensure consistency with the interfaces that they will be introducing there, particularly since that work would likely be going in during the same time frame as your work (i.e. for 2.6.18).

--
Stephen Smalley
National Security Agency