Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 17 Oct 2002 17:04:02 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 17 Oct 2002 17:04:02 -0400 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:23047 "EHLO www.linux.org.uk") by vger.kernel.org with ESMTP id ; Thu, 17 Oct 2002 17:04:01 -0400 Message-ID: <3DAF272B.8040301@pobox.com> Date: Thu, 17 Oct 2002 17:10:03 -0400 From: Jeff Garzik User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Russell Coker CC: Greg KH , linux-kernel@vger.kernel.org, linux-security-module@wirex.com Subject: Re: [PATCH] remove sys_security References: <20021017195015.A4747@infradead.org> <20021017201030.GA384@kroah.com> <3DAF1DC8.1090708@pobox.com> <200210172300.05131.russell@coker.com.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1482 Lines: 42 Russell Coker wrote: > On Thu, 17 Oct 2002 22:30, Jeff Garzik wrote: > >>Greg KH wrote: >> >>>Hm, in looking at the SELinux documentation, here's a list of the >>>syscalls they need: >>> http://www.nsa.gov/selinux/docs2.html >>> >>>That's a lot of syscalls :) >> >>Any idea if security identifiers change with each syscall? >> >>If not, a lot of the xxx_secure syscalls could go away... > > > None of them can go away. > > Security identifiers are for the operation you perform. For example > open_secure() is so that you can specify the security context for a new file > that you are creating. connect_secure() is used to specify the security > context of the socket you want to connect to. In the default setup the only > way that connect_secure() and open_secure() can use the same SID is for unix > domain sockets (which are labeled with file types). A TCP connection will be > to a process, the SID of a process is not a valid type label for a file. > > lstat_secure(), recv_secure() and others are used to retrieve the security > context of the file, network message, etc. What specific information differs per-operation, such that security identifiers cannot be stored internally inside a file handle? Jeff - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/