Re: [patch 2/3] lsm: add bsdjail module

From: Serge E. Hallyn
Date: Tue Oct 12 2004 - 20:00:43 EST

Next message: Valdis . Kletnieks: "Re: [Ext-rt-dev] Re: [ANNOUNCE] Linux 2.6 Real Time Kernel"
Previous message: Clemens Buchacher: "Re: Questions about memory barriers"
In reply to: Ulrich Drepper: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Ulrich Drepper: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > +If a private IP was specified for the jail, then
> > + cat /proc/$$/attr/current
>
> How is this going to interact with SELinux? Currently SELinux uses

The first problem is that to use jail with selinux you'll need to use
a stacking infrastructure (which is still being developed) anyway, in
order to get around the multiplexing of task->security, file->f_security,
and sk->sk_security.

But you're right, this is a problem I've had to address with the stacker:

> /proc/*/attr/current to report the current security context of the
> process. libselinux expects the file to contain one string (not even a

...

> selinux: user_u:user_r:user_t

This is exactly what my current stacker does, to the byte :-)

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "Re: [Ext-rt-dev] Re: [ANNOUNCE] Linux 2.6 Real Time Kernel"
Previous message: Clemens Buchacher: "Re: Questions about memory barriers"
In reply to: Ulrich Drepper: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Ulrich Drepper: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]