On Mon, 2008-05-19 at 09:31 -0400, Eric Paris wrote:
> On Mon, 2008-05-19 at 08:36 -0400, Stephen Smalley wrote:
> > On Mon, 2008-05-12 at 08:26 -0400, Stephen Smalley wrote:
> > > On Mon, 2008-05-12 at 10:34 +1000, James Morris wrote:
> > > > On Fri, 9 May 2008, Stephen Smalley wrote:
> > > >
> > > > > Simplify and improve the robustness of the SELinux ioctl checking by
> > > > > using the "access mode" bits of the ioctl command to determine the
> > > > > permission check rather than dealing with individual command values.
> > > > > This removes any knowledge of specific ioctl commands from SELinux
> > > > > and follows the same guidance we gave to Smack earlier.
> > > >
> > > > Looks good to me, let me know if you want it applied to for-akpm.
> > >
> > > Could we perhaps get it added to the F10/rawhide kernel for a while and
> > > mention it on fedora-devel-list for people to look out for cases where
> > > it causes any failures with existing policy? That will help us to know
> > > whether we need to introduce a compatibility knob / policy capability
> > > for it or if we can just make this change unconditionally.
> >
> > Eric - any indications of breakage in rawhide from this change? If not,
> > then I think we can likely queue it up on the for-akpm branch and target
> > 2.6.27.
>
> I don't think rawhide is yet a good indicator. I pushed it to CVS but
> for a good period of time rawhide wasn't pushing F10 packages to yum
> repos. Then when it did it didn't take long for davej to rebase to
> 2.6.26-rc* which caused him to kick the patches out of the tree. I'm not
> sure we shipped a rawhide kernel with these patches for more than a day
> or 2 so far.
>
> I rebased all of the patches over the weekend and a new kernel was
> built. I'm listening for breakage. Everyone grab
> kernel-2.6.26-0.17.rc3.fc10 and have fun!

I think we can/should get this added to the for-akpm branch for testing
in linux-next now. No breakage in rawhide yet, right?
--
Stephen Smalley
National Security Agency
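The "access mode" decoding that the quoted patch description refers to, as an added example that is not part of this thread or of the patch itself. The permission names, the `perm_for_ioctl` helper, the exact mapping (write bit to write, read bit to read, otherwise a generic ioctl permission) and the sample commands are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/ioctl.h>  /* Linux: _IO, _IOR, _IOW, _IOWR, _IOC_DIR, _IOC_READ, _IOC_WRITE */

/* Hypothetical permission bits for this example (not SELinux's own names). */
enum { PERM_READ = 1, PERM_WRITE = 2, PERM_IOCTL = 4 };

/*
 * Assumed mapping: derive the permission from the direction ("access mode")
 * bits encoded in the command number, without looking at which command it is.
 * Direction is from the caller's point of view: _IOC_WRITE means user space
 * passes data in, _IOC_READ means user space gets data back.
 */
static unsigned perm_for_ioctl(unsigned int cmd)
{
    unsigned dir = _IOC_DIR(cmd);
    unsigned perm = 0;

    if (dir & _IOC_WRITE)
        perm |= PERM_WRITE;
    if (dir & _IOC_READ)
        perm |= PERM_READ;
    /* No direction bits (an _IO() command, or a legacy number that predates
     * the encoding): fall back to the generic ioctl permission. */
    if (perm == 0)
        perm = PERM_IOCTL;
    return perm;
}

/* Constructed sample commands for an imaginary driver with magic 'x'. */
#define X_SET    ((unsigned int)_IOW('x', 1, int))
#define X_GET    ((unsigned int)_IOR('x', 2, int))
#define X_XCHG   ((unsigned int)_IOWR('x', 3, int))
#define X_RESET  ((unsigned int)_IO('x', 4))
#define X_LEGACY 0x5401u  /* constructed: old-style number, no direction bits */

int main(void)
{
    const unsigned int cmds[] = { X_SET, X_GET, X_XCHG, X_RESET, X_LEGACY };
    const char *names[] = { "X_SET", "X_GET", "X_XCHG", "X_RESET", "X_LEGACY" };

    for (size_t i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
        unsigned p = perm_for_ioctl(cmds[i]);
        printf("%-8s cmd=0x%08x ->%s%s%s\n", names[i], cmds[i],
               (p & PERM_READ) ? " read" : "", (p & PERM_WRITE) ? " write" : "",
               (p & PERM_IOCTL) ? " ioctl" : "");
    }
    return 0;
}
```

The direction bits are only as accurate as the driver author made them, which is why the thread asks for testing against existing policy before the change is made unconditional.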