Hi, Stephen and James,
Looks like the selinux_sk_ctxid() call implemented in James' patch also
requires the sk_callback_lock (see below). I am planning to introduce a
new exported function selinux_sock_ctxid() which does not require any
locking. Comments?
thanks,
Catherine
Stephen Smalley <
On Tue, 2006-03-21 at 08:32 -0500, Stephen Smalley wrote:
> > I don't expect security_sk_sid() to be terribly expensive. It's not
> > an AVC check, it's just propagating a label. But I've not done any
> > benchmarking on that.
>
> No permission check there, but it looks like it does read lock
>
On Mon, 2006-03-20 at 15:15 -0800, Chris Wright wrote:
> * Andrew Morton ([EMAIL PROTECTED]) wrote:
> > Chris Wright <[EMAIL PROTECTED]> wrote:
> > > Catherine, the security_sid_to_context() is a raw SELinux function which
> > > crept into core code and should not have been there. The fallout fixe
From: James Morris <[EMAIL PROTECTED]>
Date: Mon, 20 Mar 2006 19:37:51 -0500 (EST)
> I believe Catherine is away this week, so it's probably best to drop the
> code and wait till she gets back and we can get it 100% right.
Ok, agreed.
> Sorry, this is my fault, I should have caught this problem
On Mon, 20 Mar 2006, David S. Miller wrote:
> I'm seriously considering backing out Catherine's AF_UNIX patch from
> the net-2.6.17 tree before submitting it to Linus later today so that
> none of this crap goes in right now.
I believe Catherine is away this week, so it's probably best to drop th
* David S. Miller ([EMAIL PROTECTED]) wrote:
> From: Chris Wright <[EMAIL PROTECTED]>
> Date: Mon, 20 Mar 2006 13:36:36 -0800
>
> > The point of Catherine's original patch was to make sure there's always
> > a security identifier associated with AF_UNIX messages. So receiver
> > can always check
From: Chris Wright <[EMAIL PROTECTED]>
Date: Mon, 20 Mar 2006 13:36:36 -0800
> The point of Catherine's original patch was to make sure there's always
> a security identifier associated with AF_UNIX messages. So receiver
> can always check it (same as having credentials even w/out sender
> contro
* Andrew Morton ([EMAIL PROTECTED]) wrote:
> Chris Wright <[EMAIL PROTECTED]> wrote:
> > Catherine, the security_sid_to_context() is a raw SELinux function which
> > crept into core code and should not have been there. The fallout fixes
> > included conditionally exporting security_sid_to_context,
Chris Wright <[EMAIL PROTECTED]> wrote:
>
> * Chris Wright ([EMAIL PROTECTED]) wrote:
> > * Ingo Oeser ([EMAIL PROTECTED]) wrote:
> > > Hi Chris,
> > >
> > > Andrew Morton wrote:
> > > > Ingo Oeser <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > -int scm_send(struct socket *sock, struct msghdr *ms
* Chris Wright ([EMAIL PROTECTED]) wrote:
> * Ingo Oeser ([EMAIL PROTECTED]) wrote:
> > Hi Chris,
> >
> > Andrew Morton wrote:
> > > Ingo Oeser <[EMAIL PROTECTED]> wrote:
> > > >
> > > > -int scm_send(struct socket *sock, struct msghdr *msg, struct
> > > > scm_cookie *scm)
> > > > -{
> > > > -
* Ingo Oeser ([EMAIL PROTECTED]) wrote:
> Hi Chris,
>
> Andrew Morton wrote:
> > Ingo Oeser <[EMAIL PROTECTED]> wrote:
> > >
> > > -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
> > > *scm)
> > > -{
> > > -struct task_struct *p = current;
> > > -scm->
Hi Chris,
Andrew Morton wrote:
> Ingo Oeser <[EMAIL PROTECTED]> wrote:
> >
> > -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
> > *scm)
> > -{
> > - struct task_struct *p = current;
> > - scm->creds = (struct ucred) {
> > - .uid = p->uid,
> > -
Ingo Oeser <[EMAIL PROTECTED]> wrote:
>
> -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
> *scm)
> -{
> -struct task_struct *p = current;
> -scm->creds = (struct ucred) {
> -.uid = p->uid,
> -.gid = p->gid,
> -.pid = p->t
Benjamin LaHaise <[EMAIL PROTECTED]> wrote:
>
> On Mon, Mar 13, 2006 at 09:05:31PM +0100, Ingo Oeser wrote:
> > From: Ingo Oeser <[EMAIL PROTECTED]>
> >
> > Fold __scm_send() into scm_send() and remove that interface completely
> > from the kernel.
>
> Whoa, what are you doing here?
>
scm_send()
From: Ingo Oeser <[EMAIL PROTECTED]>
Fold __scm_send() into scm_send() and remove that interface completely
from the kernel.
Signed-off-by: Ingo Oeser <[EMAIL PROTECTED]>
---
Inspired by the patch to inline scm_send()
I did the next logical step :-)
Regards
Ingo Oeser
diff --git a/include/net/s
On Mon, Mar 13, 2006 at 09:05:31PM +0100, Ingo Oeser wrote:
> From: Ingo Oeser <[EMAIL PROTECTED]>
>
> Fold __scm_send() into scm_send() and remove that interface completely
> from the kernel.
Whoa, what are you doing here? Uninlining scm_send() is a Bad Thing to do
given that scm_send() is in t