Re: [patch 2/3] lsm: add bsdjail module

[Ulrich Drepper]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Serge E. Hallyn wrote:

> +If a private IP was specified for the jail, then
> +		cat /proc/$$/attr/current

How is this going to interact with SELinux?  Currently SELinux uses
/proc/*/attr/current to report the current security context of the
process.  libselinux expects the file to contain one string (not even a
newline) which is the textual representation of the context.  Now with
your changes you want to change this.  libselinux as-is would break
miserably.

I don't know the history of the file and who is hijacking the file.
Fact is that the file content is currently unstructured and libselinux
couldn't possibly determine what part is of interest to itself.

So, either you use another file, SELinux uses another file, or the file
gets tagged lines like

  selinux: user_u:user_r:user_t

I guess you couldn't even start the userlevel code in FC3 in such a jail
in the moment since the libselinux startup tests would fail.

- --
â Ulrich Drepper â Red Hat, Inc. â 444 Castro St â Mountain View, CA â
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBbFwm2ijCOnn/RHQRAvimAJ9W3bIil5Yi1Ex/CX1FpUjzxyheIQCeNKRu
RHv5SGG0iQSEsmbIWfHmwAA=
=HZM3
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/