Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-04-06 Thread Xiaolan Zhang
Hi, Stephen and James, Looks like the selinux_sk_ctxid() call implemented in James' patch also requires the sk_callback_lock (see below). I am planning to introduce a new exported function selinux_sock_ctxid() which does not require any locking. Comments? thanks, Catherine Stephen Smalley

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-21 Thread Stephen Smalley
On Tue, 2006-03-21 at 08:32 -0500, Stephen Smalley wrote: I don't expect security_sk_sid() to be terribly expensive. It's not an AVC check, it's just propagating a label. But I've not done any benchmarking on that. No permission check there, but it looks like it does read lock

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread Chris Wright
* Chris Wright ([EMAIL PROTECTED]) wrote: * Ingo Oeser ([EMAIL PROTECTED]) wrote: Hi Chris, Andrew Morton wrote: Ingo Oeser [EMAIL PROTECTED] wrote: -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) -{ - struct task_struct *p =

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread Andrew Morton
Chris Wright [EMAIL PROTECTED] wrote: * Chris Wright ([EMAIL PROTECTED]) wrote: * Ingo Oeser ([EMAIL PROTECTED]) wrote: Hi Chris, Andrew Morton wrote: Ingo Oeser [EMAIL PROTECTED] wrote: -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread Chris Wright
* Andrew Morton ([EMAIL PROTECTED]) wrote: Chris Wright [EMAIL PROTECTED] wrote: Catherine, the security_sid_to_context() is a raw SELinux function which crept into core code and should not have been there. The fallout fixes included conditionally exporting security_sid_to_context, and

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread David S. Miller
From: Chris Wright [EMAIL PROTECTED] Date: Mon, 20 Mar 2006 13:36:36 -0800 The point of Catherine's original patch was to make sure there's always a security identifier associated with AF_UNIX messages. So receiver can always check it (same as having credentials even w/out sender control

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread Chris Wright
* David S. Miller ([EMAIL PROTECTED]) wrote: From: Chris Wright [EMAIL PROTECTED] Date: Mon, 20 Mar 2006 13:36:36 -0800 The point of Catherine's original patch was to make sure there's always a security identifier associated with AF_UNIX messages. So receiver can always check it (same

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread James Morris
On Mon, 20 Mar 2006, David S. Miller wrote: I'm seriously considering backing out Catherine's AF_UNIX patch from the net-2.6.17 tree before submitting it to Linus later today so that none of this crap goes in right now. I believe Catherine is away this week, so it's probably best to drop the

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-20 Thread David S. Miller
From: James Morris [EMAIL PROTECTED] Date: Mon, 20 Mar 2006 19:37:51 -0500 (EST) I believe Catherine is away this week, so it's probably best to drop the code and wait till she gets back and we can get it 100% right. Ok, agreed. Sorry, this is my fault, I should have caught this problem.

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-13 Thread Benjamin LaHaise
On Mon, Mar 13, 2006 at 09:05:31PM +0100, Ingo Oeser wrote: From: Ingo Oeser [EMAIL PROTECTED] Fold __scm_send() into scm_send() and remove that interface completely from the kernel. Whoa, what are you doing here? Uninlining scm_send() is a Bad Thing to do given that scm_send() is in the

[PATCH] scm: fold __scm_send() into scm_send()

2006-03-13 Thread Ingo Oeser
From: Ingo Oeser [EMAIL PROTECTED] Fold __scm_send() into scm_send() and remove that interface completely from the kernel. Signed-off-by: Ingo Oeser [EMAIL PROTECTED] --- Inspired by the patch to inline scm_send() I did the next logical step :-) Regards Ingo Oeser diff --git

Re: [PATCH] scm: fold __scm_send() into scm_send()

2006-03-13 Thread Andrew Morton
Ingo Oeser [EMAIL PROTECTED] wrote: -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) -{ -struct task_struct *p = current; -scm-creds = (struct ucred) { -.uid = p-uid, -.gid = p-gid, -.pid = p-tgid -};