Thank you for the valuable comments. I have incorporated a good number
in the updated patch:
http://www.schaufler-ca.com/data/smack-0716A-patch.tar
Change summary:
- Sockets now have their own security blobs rather than pointing
to the blob of the task that created them. Thank you Stephen.
- The smackfs task interfaces ipscheme, ipin, ipout, and packet
have been deleted.
- Socket xattrs SMACK64IPIN, SMACK64IPOUT, SMACK64PACKET are now
supported and can be read using fxattrget(). The first two can
be set with fxattrset().
- Use secattr constants instead of 0. Thank you Paul.
- Cleaned out non-useful network scheme options.
- Cleaned out #ifdefed code to do fd access checks the "wrong" way.
Still to do based on comments: Audit, default domain, netlabel
cacheing, smk_cipso_doi possible rework.
More discussion on CIPSO abuse alternatives wouldn't be a bad notion.
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
