Stephen and Andrew,

Many thanks for your comments! Will incorporate your suggestions and resubmit.

thanks,
Catherine

Stephen Smalley <[EMAIL PROTECTED]> wrote on 04/10/2006 09:11:47 AM:

> On Fri, 2006-04-07 at 19:30 -0400, Catherine Zhang wrote:
> > Hi, James, Stephen, Dave and Chris,
> >
> > Enclosed please find the updated AF_UNIX patch. It addressed three major
> > issues in the previous patch.
> >
> > 1. No direct calling of the SELINUX function security_sid_to_context().
> >    The fix is to export this and other similar functions through
> >    wrapper functions in selinux/exports.c. Most of this code is copied
> >    from James' outstanding patch:
> >    http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch
>
> This will ultimately collide with the ongoing audit work to introduce
> similar SELinux in-kernel interfaces for audit-by-context, netlink
> sender audit, and audit collection of SIDs rather than contexts to avoid
> the significant performance penalty associated with context generation
> on every operation. Hence, you need to look to the patches on
> linux-audit or viro's audit-current git tree (lspp.b6 or possibly newer)
> to ensure consistency with the interfaces that they will be introducing
> there, particularly since that work would likely be going in during the
> same time frame as your work (i.e. for 2.6.18).
>
> --
> Stephen Smalley
> National Security Agency