Re: Socket and inode label consistency

On Aug 27, 2008, at 4:06 PM, Casey Schaufler wrote:

> Stephen Smalley wrote:
> ...
>> You may be right about setxattr not being viable due to it being an
>> inode op.  setsockopt may be the right approach there if we need to
>> support relabeling of sockets at all.
>
> Hum. fsetxattr() works for Smack. The only thing that I can't do
> is switch from labeled domains to unlabeled ones. So long as I'm
> living "within CIPSO" it works great. Paul did a very good job on
> that. If the intent is to change the MLS value, which is very useful
> for label-aware service providers like a CMW-style X11 server or a
> mail server, there oughtn't be a problem.
>
> Yes, it would be weird to change the label on a TCP connection
> midstream, but not unheard of. If you need an example, think of
> what you might want to do with a diskless boot, or some of the
> less sophisticated clustering schemes. For UDP, examples should
> be obvious to the casual observer, and a couple are cited above.
>
> Or am I missing something (again)?

It sets the socket's inode's security context, but not the sock's context. The former is used to authorize access to the socket API. The latter is what is used to authorize packet access (e.g., labeled IPsec and seclabel). So, you end up with the two being different, which is a potential problem.

Regards,
Trent.
----------------------------------------------
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Email: tjaeger@xxxxxxxxxxx
Ph: (814) 865-1042, Fax: (814) 865-3176
--
This message was distributed to subscribers of the selinux mailing list.