Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752905Ab0K1WFe (ORCPT ); Sun, 28 Nov 2010 17:05:34 -0500 Received: from tundra.namei.org ([65.99.196.166]:58580 "EHLO tundra.namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751998Ab0K1WFd (ORCPT ); Sun, 28 Nov 2010 17:05:33 -0500 Date: Mon, 29 Nov 2010 09:05:31 +1100 (EST) From: James Morris To: Casey Schaufler cc: LSM , LKLM Subject: Re: [PATCH] Smack: UDS revision In-Reply-To: <4CEDB7EA.1070106@schaufler-ca.com> Message-ID: References: <4CEDB7EA.1070106@schaufler-ca.com> User-Agent: Alpine 2.00 (LRH 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1151 Lines: 33 On Wed, 24 Nov 2010, Casey Schaufler wrote: > > Subject: [PATCH] Smack: UDS revision > > This patch addresses a number of long standing issues > with the way Smack treats UNIX domain sockets. > > All access control was being done based on the label of > the file system object. This is inconsistant with the > internet domain, in which access is done based on the > IPIN and IPOUT attributes of the socket. As a result > of the inode label policy it was not possible to use > a UDS socket for label cognizant services, including > dbus and the X11 server. > > Support for SCM_PEERSEC on UDS sockets is also provided. > > Signed-off-by: Casey Schaufler (I'm guessing you wanted me to apply this). Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next -- James Morris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/