On Sep 19, 2007, at 08:15:53, Tetsuo Handa wrote:
Kyle Moffett wrote:
Look at it this way: What format do you use for your in-memory
datastructures? If that format is not extremely close to the
policy file format (with pointers replaced by 8-byte offsets),
then you are using the wrong
Move into the cred struct the part of the task security data that defines how a
task acts upon an object. The part that defines how something acts upon a task
remains attached to the task.
For SELinux this requires some of task_security_struct to be split off into
cred_security_struct which is
Hi Al, Christoph, Trond, Stephen, Casey,
Here's a set of patches that implement a very basic set of COW credentials. It
compiles, links and runs for x86_64 with EXT3, (V)FAT, NFS, AFS, SELinux and
keyrings all enabled. Most other filesystems are disabled, apart from things
like proc. It is
--- David Howells [EMAIL PROTECTED] wrote:
Move into the cred struct the part of the task security data that defines how
a
task acts upon an object. The part that defines how something acts upon a
task
remains attached to the task.
This seems to me to be an unnatural and inappropriate
Casey Schaufler [EMAIL PROTECTED] wrote:
Move into the cred struct the part of the task security data that defines
how a task acts upon an object. The part that defines how something acts
upon a task remains attached to the task.
This seems to me to be an unnatural and inappropriate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Howells wrote:
Move the effective capabilities mask from the task struct into the credentials
record.
Note that the effective capabilities mask in the cred struct shadows that in
the task_struct because a thread can have its capabilities