On Fri, 2005-04-01 at 12:35 -0800, David S. Miller wrote:
> On Fri, 01 Apr 2005 15:06:37 -0500
> Stephen Smalley <[EMAIL PROTECTED]> wrote:
>
> > This patch against -bk eliminates the use of i_sock by SELinux as it
> > appears to have been removed recently, breaking the build of SELinux in
> > -bk. Simply replacing the i_sock test with an S_ISSOCK test would be
> > unsafe in the SELinux code, as the latter will also return true for the
> > inodes of socket files in the filesystem, not just the actual socket
> > objects IIUC. Hence this patch reworks the SELinux code to avoid the
> > need to apply such a test in the first place, part of which was
> > obsoleted anyway by earlier changes to SELinux. Please apply.
> >
> > Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]>
> > Signed-off-by: James Morris <[EMAIL PROTECTED]>
>
> Applied, thanks Stephen.

So, just for clarification, since a S_ISSOCK test is not necessarily equivalent to an i_sock test (in the case of inodes of socket files in the filesystem), was removing i_sock truly the right choice? It may not be an issue for typical users of i_sock since you can't open a descriptor to such a socket file, so any code that was acting on an open file shouldn't have to deal with this ambiguity, but could possibly lead to an erroneous use of SOCKET_I on the inode of a socket file in other code (which is what would have happened in SELinux if we had just changed the i_sock test to an ISSOCK test).

Thanks, just trying to avoid confusion in the kernel in the future...

--
Stephen Smalley <[EMAIL PROTECTED]>
National Security Agency