Re: [patch 2/3] lsm: add bsdjail module

[Serge E. Hallyn]

On Tue, Oct 12, 2004 at 06:09:28PM -0700, Ulrich Drepper wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Serge E. Hallyn wrote:
> 
> >>  selinux: user_u:user_r:user_t
> > 
> > 
> > This is exactly what my current stacker does, to the byte  :-)
> 
> This is all nice and good, but you have to bring this up with the
> SELinux people _now_ since, as I said before, the current
> SELinux-enabled userland code might not even start with this change of
> the format even if SELinux is not enabled.  If it is decided that
> /proc/*/attr/current does not belong to SELinux alone, then the guys
> should be told about it now so that all the relevant code (libselinux,
> kernel without your "stacker" stuff, ...) can be changed before the
> current use spreads too far.

Then they would have to check for an optional "selinux: " at the front
of each security_setprocattr entry read in the kernel, in order to handle
an lsm infrastructure change which might never be accepted into the kernel
anyway.  I suppose it's pretty trivial anyway, but then why would they
bother...

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/