On Mon, 2007-12-10 at 17:07 +0000, David Howells wrote:
> Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> > > + tsec->create_sid = SECINITSID_UNLABELED;
> > > + tsec->keycreate_sid = SECINITSID_UNLABELED;
> > > + tsec->sockcreate_sid = SECINITSID_UNLABELED;
>
> Cleared means what? Setting to 0? Or is there some other constant I should
> use for that?

Yes, setting to 0.

Otherwise, only other issue I have with this interface is it won't
generalize to dealing with nfsd, where we want to set the acting context
to a context we obtain from or determine based upon the client. Why
can't cachefilesd just push a context into the kernel and pass that into
the hook as the acting context, and then nfsd can do likewise using the
context provided by the client or obtained locally from exports for
ordinary clients? Avoids the transition SID computation altogether
within the kernel and makes this more generic.

--
Stephen Smalley
National Security Agency
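
Review bot: the three assignments in the quoted hunk set `tsec->create_sid`, `tsec->keycreate_sid` and `tsec->sockcreate_sid` to SECINITSID_UNLABELED, while the reply in this thread says these fields are to be cleared, meaning set to 0. Suggest assigning 0 to all three, e.g. `tsec->create_sid = 0;`, and adding a short comment stating that 0 is the cleared value so the intent is visible at the call site.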