Re: [PATCH] remove sys_security
Jeff Garzik (jgarzik@pobox.com)
Thu, 17 Oct 2002 17:10:03 -0400
Russell Coker wrote:
> On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote:
>
>>Greg KH wrote:
>>
>>>Hm, in looking at the SELinux documentation, here's a list of the
>>>syscalls they need:
>>> http://www.nsa.gov/selinux/docs2.html
>>>
>>>That's a lot of syscalls :)
>>
>>Any idea if security identifiers change with each syscall?
>>
>>If not, a lot of the xxx_secure syscalls could go away...
>
>
> None of them can go away.
>
> Security identifiers are for the operation you perform. For example
> open_secure() is so that you can specify the security context for a new file
> that you are creating. connect_secure() is used to specify the security
> context of the socket you want to connect to. In the default setup the only
> way that connect_secure() and open_secure() can use the same SID is for unix
> domain sockets (which are labeled with file types). A TCP connection will be
> to a process, the SID of a process is not a valid type label for a file.
>
> lstat_secure(), recv_secure() and others are used to retrieve the security
> context of the file, network message, etc.
What specific information differs per-operation, such that security
identifiers cannot be stored internally inside a file handle?
Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/