On Sat, 2008-05-31 at 04:27 -0400, Christoph Hellwig wrote:
> On Thu, May 29, 2008 at 01:32:51PM +0200, Miklos Szeredi wrote:
> > Convert the selinux sysctl pathname computation code into a standalone
> > function.
>
> No point bloating core kernel for selinux mess. And this whole routine
> should rather go away rather than moving it to core code. While doing
> pathname based lookup for the label might work for the limited case
> of sysctl where there are no symlinks but is a rather dumb idea in
> general. And reconstructing this path from the sysctl tables is twice
> as dumb.

I didn't see an alternative for fine-grained labeling of sysctl - the
pathname was the only stable key I could use as an index into policy;
xattrs or the like didn't make sense there. And generating the pathname
from the sysctl tables ensured that we obtained a stable result that
wasn't mutable by userspace.

Do you have an alternative suggestion?

--
Stephen Smalley
National Security Agency