Date: Tue, 14 Nov 2006 16:19:48 -0500 (EST)
From: James Morris
To: David Howells
cc: Linus Torvalds, Andrew Morton, Stephen Smalley, trond.myklebust@fys.uio.no, selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org, aviro@redhat.com, steved@redhat.com, Stephen Smalley
Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden
In-Reply-To: <20061114200647.12943.39802.stgit@warthog.cambridge.redhat.com>

On Tue, 14 Nov 2006, David Howells wrote:

> +static u32 selinux_set_fscreate_secid(u32 secid) > +{ > + struct task_security_struct *tsec = current->security; > + u32 oldsid = tsec->create_sid; > + > + tsec->create_sid = secid; > + return oldsid; > +}

The ability to set this needs to be mediated via MAC policy.

See selinux_setprocattr()

- James
-- 
James Morris
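Review bot: the assignment `tsec->create_sid = secid;` in selinux_set_fscreate_secid() is made with no permission check and no validation of `secid`, so any in-kernel caller can change the label given to objects the current task creates afterwards without policy being consulted. A check against the current task's SID should come before the assignment, along the lines of the one the reply points to in selinux_setprocattr(). The return type also gets in the way of that: a `u32` carrying `oldsid` leaves no room to report a denial, so consider returning an int status and passing the old SID back through a pointer argument. A short comment saying the caller is expected to restore the returned value once it has finished creating objects would help as well.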