Re: [PATCH 0/6] utrace: security problems

2010-07-07 Thread Roland McGrath
As to the unsafe_exec stuff, I'd long figured we would have something just about like that. (You might recall that an earlier utrace API had an unsafe_exec engine callback, which had its own unresolved complications.) For exec transitions (set-id, file caps, selinux), I'd originally figured an

Re: [PATCH 0/6] utrace: security problems

2010-07-07 Thread Oleg Nesterov
On 07/07, Roland McGrath wrote:
> For exec transitions (set-id, file caps, selinux), I'd originally figured an engine's report_exec could check for changes and decide to detach itself if appropriate.

No, it can't. At this point S_ISUID/S_ISGID exid's were already dropped, or exec can fail

Re: [PATCH 0/6] utrace: security problems

2010-07-07 Thread Roland McGrath
> > For exec transitions (set-id, file caps, selinux), I'd originally figured an engine's report_exec could check for changes and decide to detach itself if appropriate.
>
> No, it can't. At this point S_ISUID/S_ISGID exid's were already dropped, or exec can fail before before