On Mon, 2010-09-27 at 13:01 -0400, Eric Paris wrote: > On Mon, 2010-09-27 at 10:50 +1000, James Morris wrote: > > On Fri, 24 Sep 2010, Eric Paris wrote: > > > For the reasons above, I think the secctx string needs to be exported in > > addition to this rather than instead of. > > I won't argue, I don't agree with your reasoning, but I'm not opposed to > this result. We have 3 competing suggestions: > > Jan suggested we: > completely eliminate secmark from procfs+netlink and only export secctx > in netlink. > > Eric suggested we: > completely eliminate secmark from procfs+netlink and then export secctx > in procfs+netlink > > sounds like James suggested we: > continue to export meaningless and confusing secmark from procfs+netlink > and then export secctx in procfs+netlink as well. > > I'm going to implement James' idea and resend the patch series. Any > strong objections? I apologize for not getting a chance to look at these patches sooner. In general they look fine to me and my only real concern was addressed by Pablo already (breaking userspace due to #define changes). As far as exporting the 32bit secid/secmark to userspace, I think that is a mistake. James correctly points out that it does map to a LSM specific value, e.g. SELinux and Smack security labels, but I don't think he makes it clear that in the two LSMs that currently use secids the mapping between the secid and the secctx is not constant; the secids are transient values that will change with each boot in a manner that userspace can not predict. For this reason, I think exporting the secids is only going to cause users/admins grief, whereas exporting the associated secctx should be a much more stable value and is likely what the user/admin is expecting anyway. -- paul moore linux @ hp -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
