Re: [PATCH] remove sys_security

Stephen C. Tweedie (sct@redhat.com)
Wed, 23 Oct 2002 01:35:51 +0100


Hi,

On Fri, Oct 18, 2002 at 12:14:16AM +0200, Russell Coker wrote:

> OK, how do you go about supplying extra data to a file open than to modify the
> open system call?
>
> If for example I want to create a file of context
> "system_u:object_r:fingerd_log_t" under /var/log (instead of taking the
> context from that of the /var/log directory "system_u:object_r:var_log_t")
> then how would I go about doing it other than through a modified open system
> call?

With a "setesid(2)" syscall to set the effective sid.

A new file already inherits a ton of context, from the current uid/gid
to the umask. Those are already selectable by setting up the current
process context. And for the uid/gid bits, we also have setfsuid to
set the id for creation without causing the whole process to suddenly
change ownership.

A similar way of setting the effective sid for new object creation
would eliminate over 20 of the new sys_security syscalls in the
SELinux patches.

--Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
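Stephen's argument rests on two facts about the existing kernel: the permission bits a new file gets are already decided by per-process state (the umask), and setfsuid(2) changes only the id the kernel uses for file creation and permission checks while leaving the process's real and effective uids alone. The following C program, added here as an illustration and not part of the SELinux patch or the thread, exercises both of those existing interfaces so the analogy to the proposed setesid(2) is concrete. The temporary file paths it builds are constructed for the demo; the proposed setesid call is deliberately not modelled, since it does not exist in the kernel.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/fsuid.h>   /* setfsuid(2): Linux-specific */
#endif

/* Create a file under a given umask and return the permission bits the kernel
 * actually assigned: the requested mode with the umask bits cleared.  The file
 * lives under /tmp with a constructed, pid-qualified name and is removed again
 * before returning.  Returns -1 on any failure. */
int create_with_umask(mode_t requested, mode_t mask)
{
    static int counter = 0;
    char path[128];
    snprintf(path, sizeof path, "/tmp/umask_demo_%ld_%d",
             (long)getpid(), counter++);

    mode_t old = umask(mask);           /* creation context lives in the process */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                          /* restore so later calls are unaffected */
    if (fd < 0)
        return -1;

    struct stat st;
    int ok = fstat(fd, &st);
    close(fd);
    unlink(path);
    if (ok < 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

/* Show that setfsuid(2) is a creation/permission-check knob, not a whole-process
 * identity change.  Returns 1 if, after setting the filesystem uid, the real and
 * effective uids are untouched; 0 if they changed; -1 where setfsuid is absent. */
int fsuid_leaves_euid_alone(void)
{
#ifdef __linux__
    uid_t ruid = getuid();
    uid_t euid = geteuid();

    /* An unprivileged process may always set its fsuid to its own real uid, so
     * this succeeds whether or not we run as root. */
    setfsuid(ruid);

    /* setfsuid returns the previous fsuid; a second call with the same value is
     * the usual way to read the current fsuid back without changing it. */
    uid_t current_fsuid = (uid_t)setfsuid(ruid);

    return (current_fsuid == ruid && getuid() == ruid && geteuid() == euid) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    printf("0666 under umask 022 -> %04o\n", create_with_umask(0666, 022));
    printf("0666 under umask 077 -> %04o\n", create_with_umask(0666, 077));
    printf("setfsuid left uid/euid alone: %d\n", fsuid_leaves_euid_alone());
    return 0;
}
```

The first function is the "new file already inherits a ton of context" half of the argument: nothing about the mode is passed beyond the open(2) call, yet the result differs purely because of process state. The second is the setfsuid half: the id used for the creation is adjustable without the process "suddenly changing ownership", which is exactly the property a per-process effective sid would give SELinux without touching open(2).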