On Fri, 2006-04-07 at 19:30 -0400, Catherine Zhang wrote:
> Hi, James, Stephen, Dave and Chris,
> 
> Enclosed please find the updated AF_UNIX patch.  It addressed three major
> issues in the previous patch.
> 
> 1. No direct calling of the SELINUX function security_sid_to_context().
>    The fix is to export this and other similar functions through
>    wrapper functions in selinux/exports.c.  Most of this code is copied
>    from James' outstanding patch:
>    
> http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch

This will ultimately collide with the ongoing audit work to introduce
similar SELinux in-kernel interfaces for audit-by-context, netlink
sender audit, and audit collection of SIDs rather than contexts to avoid
the significant performance penalty associated with context generation
on every operation.  Hence, you need to look to the patches on
linux-audit or viro's audit-current git tree (lspp.b6 or possibly newer)
to ensure consistency with the interfaces that they will be introducing
there, particularly since that work would likely be going in during the
same time frame as your work (i.e. for 2.6.18).

-- 
Stephen Smalley
National Security Agency
