Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-05-16 Thread Paul Moore
On Fri, Mar 31, 2017 at 3:20 PM, Paul Moore wrote:
> On Thu, Mar 30, 2017 at 7:13 AM, Tetsuo Handa
> wrote:
>> Paul Moore wrote:
>>> > Signed-off-by: Tetsuo Handa
>>> > Acked-by: Stephen Smalley

Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-30 Thread Tetsuo Handa
Paul Moore wrote:
> > Signed-off-by: Tetsuo Handa
> > Acked-by: Stephen Smalley
> > ---
> > security/selinux/hooks.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
>
> When are you planning to remove the task_create()

Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-29 Thread Paul Moore
On Tue, Mar 28, 2017 at 10:08 AM, Tetsuo Handa wrote:
> >From b43bd0fc0cc267b91f51ad118f6fabd13efb921e Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa
> Date: Tue, 28 Mar 2017 22:09:38 +0900
> Subject: [PATCH v2] selinux: Use

Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-28 Thread Tetsuo Handa
Stephen Smalley wrote:
> On Tue, 2017-03-28 at 22:12 +0900, Tetsuo Handa wrote:
> > This patch is a preparation for getting rid of task_create hook
> > because
> > task_create hook
>
> task_alloc hook?

Oops, copy error. Yes, I meant task_alloc hook.

> > which can do what task_create hook

Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-28 Thread Stephen Smalley
On Tue, 2017-03-28 at 22:12 +0900, Tetsuo Handa wrote:
> This patch is a preparation for getting rid of task_create hook
> because
> task_create hook

task_alloc hook?

> which can do what task_create hook can do was revived.
>
> Creating a new thread is unlikely prohibited by security policy,

[PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-28 Thread Tetsuo Handa
This patch is a preparation for getting rid of task_create hook because task_create hook which can do what task_create hook can do was revived. Creating a new thread is unlikely prohibited by security policy, for fork()/execve()/exit() is fundamental of how processes are managed in Unix. If a