Re: [PATCH 09/14] CacheFiles: Permit a process's create SID to be overridden [try #2]

[Casey Schaufler]

--- David Howells <dhowells@xxxxxxxxxx> wrote:

> Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> 
> > This is SELinux specific funtionality and should be done in the
> > SELinux code. You should not be adding interfaces that are SELinux
> > specific, in this case using secids instead of the LSM blob interfaces.
> 
> Is using secids your only objection?  Or are you objecting to the whole
> 'act-as' concept?

My knee jerk reaction is that that is likely to be SELinux specific
behavior as well. I'm going to have to look at the patch more carefully
before I can say for sure. I will try to make a constructive proposal
once I've had the chance to think on it a little. Sorry about the terse
and unhelpful initial reaction.


Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/