On Thu, 2007-11-15 at 14:53 +0000, David Howells wrote: > Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > > David, we need a method of querying the keyring to see what the selinux > > context that is associated with it. For debugging purposes. Currently > > we can not tell whether the policy is correct or not, since we have no > > way to ask the keyring for its label. > > Does it need to be accessible from kernel space? Can I pass a userspace > buffer pointer through to the LSM? Yes to the first (likely will be wanted for audit eventually), no to the second (preferably). getprocattr and inode_getsecurity deal only with kernel buffers themselves. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
