Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1030811AbWKOSYd (ORCPT ); Wed, 15 Nov 2006 13:24:33 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org
        id S1030809AbWKOSYd (ORCPT ); Wed, 15 Nov 2006 13:24:33 -0500
Received: from mx1.redhat.com ([66.187.233.31]:28593 "EHLO mx1.redhat.com")
        by vger.kernel.org with ESMTP id S1030811AbWKOSYc (ORCPT );
        Wed, 15 Nov 2006 13:24:32 -0500
From: David Howells
In-Reply-To: <455B53C7.1060604@mentalrootkit.com>
References: <455B53C7.1060604@mentalrootkit.com>
        <20061114200621.12943.18023.stgit@warthog.cambridge.redhat.com>
        <20061114200647.12943.39802.stgit@warthog.cambridge.redhat.com>
        <15153.1163593562@redhat.com>
        <26860.1163607813@redhat.com>
To: Karl MacMillan
Cc: David Howells, James Morris, Linus Torvalds, Andrew Morton,
        Stephen Smalley, trond.myklebust@fys.uio.no, selinux@tycho.nsa.gov,
        linux-kernel@vger.kernel.org, aviro@redhat.com, steved@redhat.com
Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden
X-Mailer: MH-E 8.0; nmh 1.1; GNU Emacs 22.0.50
Date: Wed, 15 Nov 2006 18:21:57 +0000
Message-ID: <1796.1163614917@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 763
Lines: 19

Karl MacMillan wrote:

> > and the race in which the rules might change is still a
> > possibility I have to deal with.
>
> I don't think this is a race, it is revocation of access. If you check the
> access at every operation and correctly deal with access failures, then this
> shouldn't be a problem. Yes it is a pain, but that is how SELinux is supposed
> to work.

Yes, but what is the correct method of dealing with a failure? All I can think
of is to SIGKILL the process.

David