Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [RFC]Tuning selinux_file_permission
From: Paul Moore <paul.moore_at_hp.com>
Date: Wed, 5 Sep 2007 10:19:44 -0400
Instead of simply returning 0 here, you should return the return value from selinux_netlbl_inode_permission just like you are doing in your do_selinux_file_permission() function above. This NetLabel call is required to ensure that the on-the-wire label is set correctly for connected stream sockets initiated by a remote host. It may be possible to do away with this call at some point but it requires additional functionality which we do not have at present.
> + rc = do_selinux_file_permission(file, mask); -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 5 Sep 2007 - 10:21:40 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |