Re: [PATCH] remove sys_security

Russell Coker (russell@coker.com.au)
Thu, 17 Oct 2002 23:00:05 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel Jacobowitz: "Re: PATCH: fix task state reporting"
Previous message: Greg KH: "Re: [PATCH] remove sys_security"

On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
> Greg KH wrote:
> > Hm, in looking at the SELinux documentation, here's a list of the
> > syscalls they need:
> > http://www.nsa.gov/selinux/docs2.html
> >
> > That's a lot of syscalls :)
>
> Any idea if security identifiers change with each syscall?
>
> If not, a lot of the xxx_secure syscalls could go away...

None of them can go away.

Security identifiers are for the operation you perform. For example
open_secure() is so that you can specify the security context for a new file
that you are creating. connect_secure() is used to specify the security
context of the socket you want to connect to. In the default setup the only
way that connect_secure() and open_secure() can use the same SID is for unix
domain sockets (which are labeled with file types). A TCP connection will be
to a process, the SID of a process is not a valid type label for a file.

lstat_secure(), recv_secure() and others are used to retrieve the security
context of the file, network message, etc.

-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Jacobowitz: "Re: PATCH: fix task state reporting"
Previous message: Greg KH: "Re: [PATCH] remove sys_security"