Quoting Stephen Smalley (sds@xxxxxxxxxxxxxx): > On Wed, 2009-06-24 at 17:07 -0500, Serge E. Hallyn wrote: > > Oh, no. I wasn't thinking right. > > > > The objects are actually restored through calls to do_shmget() etc, > > so that security_xyz_alloc() already gets called. > > Does this mean that the objects temporarily exist in the wrong security > context and are accessible to other threads during the interval between > creation and when they get "restored" to the right security context? They get restored in a private IPC namespace so they aren't accessible to any live tasks. Also, the objects will be created using the default context for the program doing sys_restore(), running as app_restore_t or something, so presumably a policy could ensure that such temporary objects aren't readable by anyone else, just in case something goes wrong before the security_ipcxyz_restore(), right? -serge -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
