On Fri, 2006-10-27 at 14:38 -0400, Stephen Smalley wrote: > Look at Darrel's patch for mcstransd to apply a permission check between > the level of the caller and the level being translated for context > translations.
Thanks to much discussion with Dan and Stephen, I'm pretty sure I have this correct now. Here is the libselinux part of the patch (reference policy and PAM are next). -- James Antill - <[EMAIL PROTECTED]> setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...); setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...); setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...);
Index: libselinux/include/selinux/av_permissions.h
===================================================================
--- libselinux/include/selinux/av_permissions.h (revision 2074)
+++ libselinux/include/selinux/av_permissions.h (working copy)
@@ -896,3 +896,4 @@
#define KEY__SETATTR 0x00000020UL
#define KEY__CREATE 0x00000040UL
#define CONTEXT__TRANSLATE 0x00000001UL
+#define CONTEXT__TRANSITION 0x00000002UL
Index: libselinux/src/av_perm_to_string.h
===================================================================
--- libselinux/src/av_perm_to_string.h (revision 2074)
+++ libselinux/src/av_perm_to_string.h (working copy)
@@ -266,3 +266,4 @@
S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
S_(SECCLASS_KEY, KEY__CREATE, "create")
S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+ S_(SECCLASS_CONTEXT, CONTEXT__TRANSITION, "transition")
signature.asc
Description: This is a digitally signed message part
-- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
