On Fri, 2005-02-04 at 13:14, Chris Wright wrote:
> * Stephen Smalley ([EMAIL PROTECTED]) wrote:
> > This patch against 2.6.11-rc3 fixes the selinux_inode_setattr hook
> > function to honor the ATTR_FORCE flag, skipping any permission checking
> > in that case. Otherwise, it is possible though unlikely for a denial
> > from the hook to prevent proper updating, e.g. for remove_suid upon
> > writing to a file. This would only occur if the process had write
> > permission to a suid file but lacked setattr permission to it. Please
> > apply.
>
> Is there any reason not to promote this to the framework?

I wasn't sure if a security module might still want to be notified of
forced changes (e.g. to adjust some state in its own security
structure), even if it skips permission checking on such changes.

--
Stephen Smalley <[EMAIL PROTECTED]>
National Security Agency
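
The failure mode in the quoted patch description and the notification trade-off raised in the reply, as a userspace C model added here (not the patch and not kernel code). The flag values, the struct and every function name are constructed for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: flag values and names are constructed for this
 * example and are not the kernel's definitions. */
#define ATTR_MODE  0x1u
#define ATTR_FORCE 0x2u
#define SUID_BIT   04000u

enum placement { HOOK_OLD, HOOK_PATCHED, FRAMEWORK_SKIP };

struct model {
    bool has_setattr_perm;  /* policy: does the writer hold setattr? */
    unsigned mode;          /* file mode bits */
    int forced_notified;    /* forced changes the module was told about */
};

/* Module hook: 0 allows the change, -1 denies it. */
static int module_inode_setattr(struct model *m, unsigned ia_valid, bool honor_force)
{
    if (ia_valid & ATTR_FORCE) {
        m->forced_notified++;       /* module can still adjust its own state */
        if (honor_force)
            return 0;               /* patched hook: skip permission checking */
    }
    return m->has_setattr_perm ? 0 : -1;
}

/* Stand-in for the generic path that applies an attribute change. */
static int model_notify_change(struct model *m, unsigned ia_valid,
                               unsigned new_mode, enum placement p)
{
    int err = 0;
    if (!(p == FRAMEWORK_SKIP && (ia_valid & ATTR_FORCE)))
        err = module_inode_setattr(m, ia_valid, p != HOOK_OLD);
    if (err)
        return err;                 /* denial: the mode is left untouched */
    if (ia_valid & ATTR_MODE)
        m->mode = new_mode;
    return 0;
}

/* Writer has write but not setattr; the write forces the suid bit off. */
unsigned write_to_suid_file(enum placement p, int *forced_notified)
{
    struct model m = { .has_setattr_perm = false, .mode = 04755 };
    (void)model_notify_change(&m, ATTR_MODE | ATTR_FORCE, m.mode & ~SUID_BIT, p);
    if (forced_notified)
        *forced_notified = m.forced_notified;
    return m.mode;
}

int main(void)
{
    for (int p = HOOK_OLD; p <= FRAMEWORK_SKIP; p++) {
        int n; unsigned mode = write_to_suid_file((enum placement)p, &n);
        printf("placement=%d mode=%04o forced_notified=%d\n", p, mode, n);
    }
    return 0;
}
```

In the model, the unpatched hook leaves the suid bit set after the write, while both the hook-level and framework-level skips clear it; only the hook-level skip still lets the module see the forced change.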

