Quoting Stephen Smalley (sds@xxxxxxxxxxxxxx): > On Wed, 2009-06-24 at 17:07 -0500, Serge E. Hallyn wrote: > > Oh, no. I wasn't thinking right. > > > > The objects are actually restored through calls to do_shmget() etc, > > so that security_xyz_alloc() already gets called. > > Does this mean that the objects temporarily exist in the wrong security > context and are accessible to other threads during the interval between > creation and when they get "restored" to the right security context? They get restored in a private IPC namespace so they aren't accessible to any live tasks. Also, the objects will be created using the default context for the program doing sys_restore(), running as app_restore_t or something, so presumably a policy could ensure that such temporary objects aren't readable by anyone else, just in case something goes wrong before the security_ipcxyz_restore(), right? -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
