--- Paul Moore [EMAIL PROTECTED] wrote:
On Tuesday 15 January 2008 8:05:27 pm James Morris wrote:
On Tue, 15 Jan 2008, David Howells wrote:
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
This is useful in its own right, and I would like to push it upstream for
2.6.24 unless there are any objections.
Isn't it a bit late in 2.6.24 to add new functionality, especially when there
isn't an in-tree user for it in 2.6.24?
You are right, there are several users of this function currently under
development but I'm pretty sure all of them are targeting 2.6.25 or greater.
With that in mind, I think the prudent thing to is to wait and push this
upstream for 2.6.25.
I concur with Paul. I had to delete the message I was composing because
it said exactly the same thing.
I do think that we need to put some thought into what a secid
really is and what a secctx ought to look like what with multiple
user cropping up for them. To date audit is the only out-of-LSM
user of the secctx, and assumes it's a printable text string, but
if cacheing is going to be using it as well we're approaching the
secctx being a general interface, and hence a part of the LSM
proper. Probably makes sense to include something in the LSM
documentation. With luck, someone who spells better than I will
beat me to it, but such an update is on my todo list.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
