Casey Schaufler <[EMAIL PROTECTED]> wrote:
> Yes, and I would recommend doing so to avoid permission races.
> You're going to have to deal with the case where step (2) fails
> even if you have step (1), so the "test and set" mindset seems
> prudent to me.
Looking at SELinux, that doesn't get rid
--- David Howells <[EMAIL PROTECTED]> wrote:
>
> Stephen Smalley <[EMAIL PROTECTED]> wrote:
>
> > > avc_has_perm(daemon_tsec->sid, nominated_sid,
> > >SECCLASS_CACHE, CACHE__USE_AS_OVERRIDE, NULL);
> > >
> > > And I assume this doesn't care if one, the other or both of the tw
David Howells <[EMAIL PROTECTED]> wrote:
> Okay... It looks like I want four security operations/hooks for cachefiles:
FYI, I added the following vectors:
# kernel services that need to override task security
class kernel_service
{
use_as_override
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> > avc_has_perm(daemon_tsec->sid, nominated_sid,
> > SECCLASS_CACHE, CACHE__USE_AS_OVERRIDE, NULL);
> >
> > And I assume this doesn't care if one, the other or both of the two SIDs
> > mentioned are of SECCLASS_PROCESS rather than