Casey Schaufler <[EMAIL PROTECTED]> wrote: > It would seem to me that security_secctx_to_secid() ought to suffice if the > application code was written correctly.
That's not quite sufficient as there still needs to be a verification step to make sure the caller is allowed to do this. > Be aware that factors outside the LSM may be important, too. As Stephen > points out elsewhere, Smack will require you have particular capabilities > (CAP_MAC_OVERRIDE, CAP_MAC_ADMIN) while a DAC LSM may require > CAP_DAC_OVERRIDE. For what? David - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html