On 04/24/2018 11:22 AM, David Howells wrote:
> Stephen Smalley wrote:
>
>> Neither fsopen() nor fscontext_fs_write() appear to perform any kind of
>> up-front permission checking (DAC or MAC), although some security hooks may
>> be ultimately called to allocate structures, parse security options,
Stephen Smalley wrote:
> Neither fsopen() nor fscontext_fs_write() appear to perform any kind of
> up-front permission checking (DAC or MAC), although some security hooks may
> be ultimately called to allocate structures, parse security options, etc.
> Is there a reason not apply a may_mount() or
On 04/20/2018 11:35 AM, David Howells wrote:
> Paul Moore wrote:
>
>> Adding the SELinux mailing list to the CC line; in the future please
>> include the SELinux mailing list on patches like this. It would also
>> be very helpful to include "selinux" somewhere in the subject line
>> when the pat
Paul Moore wrote:
> Adding the SELinux mailing list to the CC line; in the future please
> include the SELinux mailing list on patches like this. It would also
> be very helpful to include "selinux" somewhere in the subject line
> when the patch is predominately SELinux related (much like you di
On Thu, Apr 19, 2018 at 9:31 AM, David Howells wrote:
> Add LSM hooks for use by the filesystem context code. This includes:
>
> (1) Hooks to handle allocation, duplication and freeing of the security
> record attached to a filesystem context.
>
> (2) A hook to snoop a mount options in key
Add LSM hooks for use by the filesystem context code. This includes:
(1) Hooks to handle allocation, duplication and freeing of the security
record attached to a filesystem context.
(2) A hook to snoop a mount options in key[=val] form. If the LSM decides
it wants to handle it, it c
6 matches
Mail list logo