Venkat,
I have been meaning to ask you about a part of the racoon patch.
In file src/racoon/policy.c, in routines cmpspidxstrict() and cmpspidxwild(),
there is the following code:
#ifdef HAVE_SECCTX
        if (a->sec_ctx.ctx_alg != b->sec_ctx.ctx_alg
            || a->sec_ctx.ctx_doi != b->sec_ctx.ctx_doi
#if 1
            || !within_range(a->sec_ctx.ctx_str, b->sec_ctx.ctx_str))
#else
            || a->sec_ctx.ctx_strlen != b->sec_ctx.ctx_strlen
            || (memcmp(a->sec_ctx.ctx_str, b->sec_ctx.ctx_str,
                       a->sec_ctx.ctx_strlen) != 0))
#endif
                return 1;
#endif
Since within_range() takes both contexts' sids (that of the proposal and
that which is in the policy) and checks access,
I assume we no longer want to ensure the security contexts match
exactly. Only that one is permitted by the other, right?
Are you ok with me removing the code after the "#else"?
Or do the changes you will make soon change this logic also,
and I should leave it alone for now? Just cleaning up the code
and wondering about this.
Thanks!
Regards,
Joy
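The difference between the two branches quoted in the message above, as an added example that is not racoon code and not part of the original e-mail. The real within_range() asks the SELinux policy about the two contexts' SIDs; here a simplified sensitivity-range containment test stands in for it, and the helper names, the `demo_t` contexts and the omission of categories and of the user:role:type fields are assumptions of the sketch.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Parse one sensitivity "sN" at *pp and advance past it. 0 on success. */
static int level(const char **pp, long *out)
{
    char *end;
    if ((*pp)[0] != 's' || !isdigit((unsigned char)(*pp)[1]))
        return -1;
    *out = strtol(*pp + 1, &end, 10);
    *pp = end;
    return 0;
}

/* Hypothetical helper: read the MLS field ("sN" or "sN-sM", categories
 * not modelled) after the third ':' of user:role:type:mls. */
static int mls_range(const char *ctx, long *lo, long *hi)
{
    const char *p = ctx;
    for (int i = 0; i < 3; i++) {
        if ((p = strchr(p, ':')) == NULL)
            return -1;
        p++;
    }
    if (level(&p, lo))
        return -1;
    *hi = *lo;
    if (*p == '-' && (p++, level(&p, hi)))
        return -1;
    return (*p == '\0' && *lo <= *hi) ? 0 : -1;
}

/* The "#else" branch: 0 only if the strings are byte-identical. */
int cmp_exact(const char *a, const char *b)
{
    size_t la = strlen(a) + 1, lb = strlen(b) + 1;
    return la != lb || memcmp(a, b, la) != 0;
}

/* Stand-in for the "#if 1" branch: 0 if the proposal's levels lie inside
 * the policy's range. Unparsable input is a mismatch (fail closed). */
int cmp_range(const char *proposal, const char *policy)
{
    long alo, ahi, blo, bhi;
    if (mls_range(proposal, &alo, &ahi) || mls_range(policy, &blo, &bhi))
        return 1;
    return !(blo <= alo && ahi <= bhi);
}
```

Both functions follow the quoted code's convention of returning 1 for a mismatch, so a proposal at `s2` against a policy of `s0-s15` fails the exact comparison but passes the range one.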