On Tuesday 30 June 2009 06:19:04 pm James Morris wrote:
> On Tue, 30 Jun 2009, Paul Moore wrote:
> > So how do we fix it? Well, there are two options that I can think of
> > right now (feel free to add to the list):
> >
> > 1. Set the sock's label/SID in sk_alloc()
> > 2. Introduce a new hook to set the label/SID of a sock and call it from
> > tun_set_iff()
> >
> > The problem with #2 is that it introduces a new (basically TUN-specific)
> > hook to do something silly. Important, but still kinda silly. The
> > problem with #1 is that we currently set the sock's label/SID in
> > selinux_socket_post_create() and match it with the inode's label/SID,
> > which has the potential to get ugly (I haven't verified all of those
> > cases yet). However, there may be an alternative, call it #1a, where we
> > set the sock's label in sk_alloc() and then use the sock's label to set
> > the inode's label in socket_post_create(); this should solve the
> > potential ugliness.
> >
> > Thoughts?
>
> I'm not sure, but we probably need to include the netdev list in the
> discussion.

Yep, I was just hoping to have a little discussion here first to make sure we at least agreed on what should be done from a security point of view ...

--
paul moore
linux @ hp