James Morris <[EMAIL PROTECTED]> writes: > On Thu, 4 Dec 2008, Eric W. Biederman wrote: > >> Which piece of selinux magic did I miss? > > The problem is that SELinux doesn't know anything about the new filesystem > type, and specifically, to treat it like procfs. There are a couple > workarounds we can try to prevent this specific problem from cropping up > again.
The thing is I believe I changed the internal filesystem test to strncmp(fstype, "proc", 4); Which should match both proc and proc/net And likewise I thought I provided the same name by for the magic label lookup by name. >> In particular can you tell if this was a code bug or a logic bug? > > I wouldn't say it was a bug, more a consequence of necessarily imperfect > encapsulation of the security code via LSM. It's just something we have to > keep an eye out for. Yes. Was the piece I missed in the LSM rules loaded from user space? Eric ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel
