Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Adding audit messge to newrole
From: Steve G <linux_4ever_at_yahoo.com>
Date: Wed, 21 Dec 2005 09:41:13 -0800 (PST)
>Why don't you drop capabilities first, then switch to the real uid? You answered yourself. Need setuid capabilities. @@ -401,6 +446,8 @@ int main( int argc, char *argv[] ) {
exit(-1);
+ drop_capabilities();
while (1) { clflag=getopt_long(argc,argv,"r:t:l:",long_options,&flag_index); if (clflag == -1) Any reason we can't move this up earlier in main()? I suppose we could move it above the selinux enabled call.
>Ideally, it should be the first thing in main() to ensure that everything But after the bindtext call for localization?
>@@ -753,6 +799,23 @@ int main( int argc, char *argv[] ) { I generally prefer to use the stack on small programs. Its less complicated and runs faster. We aren't short for stack space in this program. My comment may be misleading you. i wanted to say that its an arbitrary number and can be changed if someone decideds its safe to make it bigger or smaller. Is there a define that has the maximum string representation of a context?
>Also, I think that the audit-related code should be separately #ifdef'd I can do that. I didn't want to clutter the patch on the first go around. I knew there would be changes to it. -Steve Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 21 Dec 2005 - 12:41:25 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |