Stephen Smalley wrote:
> ... You may be right about setxattr not being viable due to it being an inode op. setsockopt may be the right approach there if we need to support relabeling of sockets at all.

Hum. fsetxattr() works for Smack. The only thing that I can't do is switch from labeled domains to unlabeled ones. So long as I'm living "within CIPSO" it works great. Paul did a very good job on that.

If the intent is to change the MLS value, which is very useful for label-aware service providers like CMW style X11 server or a mail server, there oughtn't be a problem. Yes, it would be weird to change the label on a TCP connection midstream, but not unheard of. If you need an example think of what you might want to do with a diskless boot, or some of the less sophisticated clustering schemes. For UDP examples should be obvious to the casual observer, and a couple are cited above.

Or am I missing something (again)?