--- Paul Moore <paul.moore@xxxxxx> wrote: > On Tuesday 15 January 2008 8:05:27 pm James Morris wrote: > > On Tue, 15 Jan 2008, David Howells wrote: > > > secid_to_secctx() LSM hook. This patch also includes the SELinux > > > implementation for this hook. > > > > > > Signed-off-by: Paul Moore <paul.moore@xxxxxx> > > > Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > > > > This is useful in its own right, and I would like to push it upstream for > > 2.6.24 unless there are any objections. > > Isn't it a bit late in 2.6.24 to add new functionality, especially when there > > isn't an in-tree user for it in 2.6.24? > > You are right, there are several users of this function currently under > development but I'm pretty sure all of them are targeting 2.6.25 or greater. > > With that in mind, I think the prudent thing to is to wait and push this > upstream for 2.6.25. I concur with Paul. I had to delete the message I was composing because it said exactly the same thing. I do think that we need to put some thought into what a secid really is and what a secctx ought to look like what with multiple user cropping up for them. To date audit is the only out-of-LSM user of the secctx, and assumes it's a printable text string, but if cacheing is going to be using it as well we're approaching the secctx being a "general" interface, and hence a part of the LSM proper. Probably makes sense to include something in the LSM documentation. With luck, someone who spells better than I will beat me to it, but such an update is on my todo list. Casey Schaufler casey@xxxxxxxxxxxxxxxx -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
