KaiGai, * KaiGai Kohei (kai...@ak.jp.nec.com) wrote: > On the other hand, a security feature have to identify the client and > assign an appropriate set of privileges on the session prior to it being > available for users. [...] > However, here is no hooks available for the purpose.
I believe we understand the issue now, my point was that in the future let's have this discussion first. > One idea is, as Robert suggested, that we can invoke getpeercon() at > the first call of SELinux module and store it on the local variable. > It will work well as long as getpeercon() does not cause an error. Let's work with this approach to build a proof-of-concept that at least the DML hook will work as advertised. We've got alot of time till 9.1 and I think that if we can show that a module exists that implements SELinux using the DML hook, and that a few other hooks are needed to address short-comings in that module, adding them won't be a huge issue. Thanks, Stephen
signature.asc
Description: Digital signature