On Mon, 2009-05-18 at 08:21 -0500, Xavier Toth wrote:
> What is the current situation regarding threads and their context? I
> remember seeing patches related to this subject posted awhile back
> were they upstreamed?

In Linux 2.6.28 and later, a thread in a multi-threaded process can switch its context via setcon(3) iff the new SID is bounded by the old SID (where bounded is defined via typebounds statements supported by checkpolicy >= 2.0.17 and libsepol >= 2.0.34 and indicates that the child context is never allowed more permissions than the parent context).

There is a test policy and test case added for the type bounds support in the ltp selinux testsuite, enabled in the cvs head.

--
Stephen Smalley
National Security Agency
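An added example, not part of the original message and not SELinux code: a simplified Python model of the two properties described in the reply, using constructed type names and allow rules. It assumes a bound may be indirect (a chain of typebounds statements) and compares allow rules by source type only.

```python
# Simplified model of SELinux type bounds. Every type name and rule below is
# constructed for illustration; this is not kernel or libsepol code.

# Models "typebounds <parent> <child>;" as child -> parent.
BOUNDS = {"worker_t": "server_t", "sandbox_t": "worker_t"}

# Models allow rules as (source type, target type, class) -> permissions.
ALLOW = {
    ("server_t", "log_t", "file"): {"read", "write", "append"},
    ("worker_t", "log_t", "file"): {"read", "append"},
    ("sandbox_t", "log_t", "file"): {"read", "write"},  # worker_t lacks write
    ("sandbox_t", "tmp_t", "file"): {"read"},           # worker_t has no rule
}


def is_bounded_by(new_type, old_type, bounds=BOUNDS):
    """True if old_type is found by walking up new_type's chain of bounds.

    Models the condition for a thread in a multi-threaded process: the new
    context must be bounded by the old one (assumption: indirect bounds count).
    """
    seen = set()
    current = new_type
    while current in bounds and current not in seen:  # guard against cycles
        seen.add(current)
        current = bounds[current]
        if current == old_type:
            return True
    return False


def bounds_violations(bounds=BOUNDS, allow=ALLOW):
    """List permissions a bounded type holds that its parent does not."""
    found = []
    for src, tgt, cls in sorted(allow):
        parent = bounds.get(src)
        if parent is None:
            continue  # unbounded types are not constrained by this check
        extra = allow[(src, tgt, cls)] - allow.get((parent, tgt, cls), set())
        if extra:
            found.append((src, parent, tgt, cls, sorted(extra)))
    return found


if __name__ == "__main__":
    print("sandbox_t bounded by server_t:", is_bounded_by("sandbox_t", "server_t"))
    print("server_t bounded by worker_t:", is_bounded_by("server_t", "worker_t"))
    for violation in bounds_violations():
        print("child exceeds parent:", violation)
```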