Re: [PATCH] selinux: make mls_compute_sid always polyinstantiate

On Tue, 2008-02-05 at 11:52 -0600, Xavier Toth wrote:
> Is this in rawhide, if not when will it be?

Not up to us, obviously.  The patch is in Linus' git tree, but looks
like latest fedora devel kernel is frozen on 2.6.24 + specific
individual patches, not feeding from Linus' git presently.  James could
possibly ask the Fedora kernel maintainer about adding it - it is small,
self-contained, and has no side effects on existing code (nothing prior
to XSELinux uses the compute member support; pam_namespace usage was
disabled since it didn't work right for multi-level dirs).

> 
> On Thu, Jan 24, 2008 at 2:30 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx> wrote:
> > This patch removes the requirement that the new and related object types
> >  differ in order to polyinstantiate by MLS level.  This allows MLS
> >  polyinstantiation to occur in the absence of explicit type_member rules
> >  or when the type has not changed.
> >
> >  Potential users of this support include pam_namespace.so (directory
> >  polyinstantiation) and the SELinux X support (property polyinstantiation).
> >
> >  Signed-off-by: Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
> >  ---
> >
> >   mls.c |   11 ++---------
> >   1 file changed, 2 insertions(+), 9 deletions(-)
> >
> >
> >  diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
> >  index fb5d70a..3bbcb53 100644
> >  --- a/security/selinux/ss/mls.c
> >  +++ b/security/selinux/ss/mls.c
> >  @@ -537,15 +537,8 @@ int mls_compute_sid(struct context *scontext,
> >                         /* Use the process effective MLS attributes. */
> >                         return mls_context_cpy_low(newcontext, scontext);
> >         case AVTAB_MEMBER:
> >  -               /* Only polyinstantiate the MLS attributes if
> >  -                  the type is being polyinstantiated */
> >  -               if (newcontext->type != tcontext->type) {
> >  -                       /* Use the process effective MLS attributes. */
> >  -                       return mls_context_cpy_low(newcontext, scontext);
> >  -               } else {
> >  -                       /* Use the related object MLS attributes. */
> >  -                       return mls_context_cpy(newcontext, tcontext);
> >  -               }
> >  +               /* Use the process effective MLS attributes. */
> >  +               return mls_context_cpy_low(newcontext, scontext);
> >         default:
> >                 return -EINVAL;
> >         }
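Review bot: the new AVTAB_MEMBER body is now identical to the case body directly above it (the `/* Use the process effective MLS attributes. */` comment followed by `return mls_context_cpy_low(newcontext, scontext);`), so the two labels could share a single body via fall-through instead of repeating it. The commit message should also state the compatibility consequence of dropping the `else` branch: a member computation whose type is unchanged no longer inherits the related object's MLS range (the removed `return mls_context_cpy(newcontext, tcontext);` path), so any policy that relied on that inheritance will now receive a different SID.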
> >
> >
> >
> >  --
> >  Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
> >  National Security Agency
> >
> >
> >  --
> >  This message was distributed to subscribers of the selinux mailing list.
> >  If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> >  the words "unsubscribe selinux" without quotes as the message.
> >
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux