On 12/15/2015 11:06 AM, Casey Schaufler wrote:
On 12/15/2015 7:00 AM, Stephen Smalley wrote:
On 12/14/2015 05:57 PM, Roberts, William C wrote:
If I understand correctly, the goal here is to avoid the lookup from
pid to context. If we somehow Had the context or a token to a context
during
On 12/15/2015 12:19 PM, Joe Nall wrote:
On Dec 15, 2015, at 10:06 AM, Casey Schaufler wrote:
...
I have long wondered why SELinux generates the context string
of the secid more than once. Audit performance alone would
justify keeping it around. The variable length
> On Dec 15, 2015, at 10:06 AM, Casey Schaufler wrote:
>
> ...
> I have long wondered why SELinux generates the context string
> of the secid more than once. Audit performance alone would
> justify keeping it around. The variable length issue isn't
> so difficult as you
On 12/15/2015 8:55 AM, Stephen Smalley wrote:
> On 12/15/2015 11:06 AM, Casey Schaufler wrote:
>> On 12/15/2015 7:00 AM, Stephen Smalley wrote:
>>> On 12/14/2015 05:57 PM, Roberts, William C wrote:
>>
>> If I understand correctly, the goal here is to avoid the lookup from
>> pid
> On Dec 15, 2015, at 12:03 PM, Stephen Smalley wrote:
>
> On 12/15/2015 12:19 PM, Joe Nall wrote:
>>
>>> On Dec 15, 2015, at 10:06 AM, Casey Schaufler
>>> wrote:
>>>
>>> ...
>>> I have long wondered why SELinux generates the context string
>>> of
On 12/15/2015 07:00 AM, Stephen Smalley wrote:
> On 12/14/2015 05:57 PM, Roberts, William C wrote:
>>
If I understand correctly, the goal here is to avoid the lookup from
pid to context. If we somehow Had the context or a token to a context
during the ipc transaction to
On 12/14/2015 05:57 PM, Roberts, William C wrote:
If I understand correctly, the goal here is to avoid the lookup from
pid to context. If we somehow Had the context or a token to a context
during the ipc transaction to userspace, we could just use that In
computing the access decision. If