Stephen Smalley wrote:
On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
Stephen Smalley wrote:
<snip>
No, I don't want to change the behavior upon context_to_sid calls in
general, as we otherwise lose all context validity checking in
permissive mode.
I think I'd rather change compute_sid behavior to preclude the situation
from arising in the first place, possibly altering the behavior in
permissive mode upon an invalid context to fall back on the ssid
(process) or the tsid (object). But I'm not entirely convinced any
change is required here.
I just want to follow up to make sure we are all on the same page here. Was the
suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
or leave the code as is and fix the callers of avc_has_perm to correctly handle
error codes?
I prefer the last approach because of Eamon's explanation, EINVAL is already
passed in errno to specify the context was invalid (and if object managers
aren't handling that correctly now there is a good chance they aren't handling
the ENOMEM case either).
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
