Casey Schaufler wrote:
+static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
+{
+ smack_t *ssp = smack_of_shm(shp);
+ int rc;
+
+ if (ssp == NULL)
+ return 0;
+
+ rc = smk_curacc(ssp, MAY_READWRITE);
+ return rc;
+}
No read-only or write-only shm mappings?
Still thinking about it.
I think if you actually want to use this in a guard like policy you are
going to need it (for at least shm and msgq). BTW, you never responded
to my last email about the granularity required to make a high
throughput front channel and a low bandwidth backchannel for guards.
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
