Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: David Howells
Date: Wednesday, January 23, 2008 - 1:52 pm

Stephen Smalley <sds@tycho.nsa.gov> wrote:


Do I just send the attached patch to <selinux@tycho.nsa.gov>?  Or do I need to
make a diff from a point in the tree nearer the root?  Is there anything else
I need to alter whilst I'm at it?

David
---
Index: policy/flask/security_classes
===================================================================
--- policy/flask/security_classes	(revision 2573)
+++ policy/flask/security_classes	(working copy)
@@ -109,4 +109,7 @@
 # network peer labels
 class peer
 
+# kernel services that need to override task security
+class kernel_service
+
 # FLASK
Index: policy/flask/access_vectors
===================================================================
--- policy/flask/access_vectors	(revision 2573)
+++ policy/flask/access_vectors	(working copy)
@@ -736,3 +736,10 @@
 {
 	recv
 }
+
+# kernel services that need to override task security
+class kernel_service
+{
+	use_as_override
+	create_files_as
+}
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
[PATCH 00/28] Permit filesystem local caching [try #2], David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 19/28] NFS: Use local caching [try #2], David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 21/28] NFS: Display local caching state [try #2], David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 22/28] fcrypt endianness misannotations [try #2], David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 23/28] AFS: Add TestSetPageError() [try #2], David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 28/28] FS-Cache: Make kAFS use FS-Cache [try #2], David Howells, (Wed Dec 5, 12:40 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Jan 23, 1:52 pm)