On Tue, 2017-10-31 at 15:16 -0200, Marcelo Ricardo Leitner wrote:
> On Tue, Oct 17, 2017 at 02:59:53PM +0100, Richard Haines wrote:
> > The SELinux SCTP implementation is explained in:
> > Documentation/security/SELinux-sctp.txt
> >
> > Signed-off-by: Richard Haines
On Tue, Oct 31, 2017 at 7:08 PM, Florian Westphal wrote:
> Paul Moore wrote:
>> On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote:
>> > matching before (as in this patch) or after calling xfrm_bundle_ok()?
>>
>> I would probably
On Wed, 2017-11-01 at 17:40 +1100, James Morris wrote:
> On Tue, 31 Oct 2017, Stephen Smalley wrote:
>
> > This btw would be a bit cleaner if we dropped the .ns. portion of
> > the
> > name, such that we would have:
> > security.selinux # xattr name in the init namespace
> > security.selinux.vmN
On Wed, 2017-11-01 at 00:08 +0100, Florian Westphal wrote:
> Paul Moore wrote:
> > On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley > v> wrote:
> > > matching before (as in this patch) or after calling
> > > xfrm_bundle_ok()?
> >
> > I would probably
Paul Moore wrote:
> On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote:
> > matching before (as in this patch) or after calling xfrm_bundle_ok()?
>
> I would probably make the LSM call the last check, as you've done; but
> I have to say that is just
On Tue, 31 Oct 2017, Stephen Smalley wrote:
> This btw would be a bit cleaner if we dropped the .ns. portion of the
> name, such that we would have:
> security.selinux # xattr name in the init namespace
> security.selinux.vmN # xattr name in the vmN namespace
> security.selinux.vmN.vmM # xattr