Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: dynamic context transitions
From: Luke Kenneth Casson Leighton <lkcl_at_lkcl.net>
Date: Mon, 1 Nov 2004 20:35:24 +0000
no there is no reason why [a helper application should] not [be used]. i am not sure if the simple solution [that andrew and russell came up with] was fully enumerated: it involves exec'ing a per-user helper application which does a setuid. the helper application opens files as-and-when they are needed, [and also does mkdirs? and rmdirs?] and then passes the file descriptor over a unix-domain-socket to the smbd process, which NEVER itself does file opens under a user context. i believe it then no longer becomes necessary for smbd to call become_user(). l. -- -- you don't have to BE MAD | this space | my brother wanted to join mensa, to work, but IT HELPS | for rent | for an ego trip - and get kicked you feel better! I AM | can pay cash | out for a even bigger one. -- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 1 Nov 2004 - 15:24:43 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |