Re: [patch 6/8] Factor out sysctl pathname code

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Stephen Smalley

Subject: Re: [patch 6/8] Factor out sysctl pathname code

Date: Tuesday, June 3, 2008 - 6:34 am

On Sat, 2008-05-31 at 04:27 -0400, Christoph Hellwig wrote:
quoted text> On Thu, May 29, 2008 at 01:32:51PM +0200, Miklos Szeredi wrote:
> > Convert the selinux sysctl pathname computation code into a standalone
> > function.
> 
> No point bloating core kernel for selinux mess.  And this whole routine
> should rather go away rather than moving it to core code.  While doing
> pathname based lookup for the label might work for the limited case
> of sysctl where there are no symlinks but is a rather dumb idea in
> general.  And reconstructing this path from the sysctl tables is twice
> as dumb.

I didn't see an alternative for fine-grained labeling of sysctl - the
pathname was the only stable key I could use as an index into policy;
xattrs or the like didn't make sense there.  And generating the pathname
from the sysctl tables ensured that we obtained a stable result that
wasn't mutable by userspace.  Do you have an alternative suggestion?

-- 
Stephen Smalley
National Security Agency

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 6/8] Factor out sysctl pathname code, Miklos Szeredi, (Thu May 29, 4:32 am)

Re: [patch 6/8] Factor out sysctl pathname code, Christoph Hellwig, (Sat May 31, 1:27 am)

Re: [patch 6/8] Factor out sysctl pathname code, Stephen Smalley, (Tue Jun 3, 6:34 am)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Matthew Garrett	Re: [PATCH] Enable speedstep for sonoma processors.
Mauro Carvalho Chehab	Re: [PATCH 1/2] media: Add timberdale video-in driver
Peter Zijlstra	[PATCH 23/30] netvm: skb processing
Greg Kroah-Hartman	[PATCH 21/28] cgroupfs: create /sys/fs/cgroup to mount cgroupfs on
git:
Jan Hudec	Re: GIT push to sftp (feature request)
Steffen Prohaska	[PATCH 0/4] core.ignorecase
Johannes Schindelin	Re: Git checkout preserve timestamp?
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Johan Herland	Re: What's cooking in git.git (Oct 2010, #01; Wed, 13)
linux-netdev:
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Jan Engelhardt	Re: [PATCH] Fix netfilter xt_time's time_mt()'s use of do_div()
Herbert Xu	Re: [RFC PATCH 00/17] virtual-bus
Jeff Kirsher	Re: [net-next-2.6 PATCH] e1000e: don't inadvertently re-set INTX_DISABLE
git-commits-head:
Linux Kernel Mailing List	ALSA: hda - Enable beep on Realtek codecs with PCI SSID override
Linux Kernel Mailing List	Use path_put() in a few places instead of {mnt,d}put()
Linux Kernel Mailing List	mv643xx_eth: use sw csum for big packets
Linux Kernel Mailing List	arm: fix HAVE_CLK merge goof
Linux Kernel Mailing List	arm: convert pcm037 platform to use smsc911x
freebsd-current:
David Wolfskill	"interrupt storm..."; seems associated with an0 NIC
Andriy Gapon	Re: letting glabel recognise a media change
Garrett Cooper	Re: Only display ACPI bootmenu key if ACPI is present
Pyun YongHyeon	CFT: msk(4) Rx checksum offloading support
FreeBSD Tinderbox	[head tinderbox] failure on sparc64/sparc64