On Wednesday 05 August 2009 10:13:50 am Serge E. Hallyn wrote: > Quoting Paul Moore (paul.moore@xxxxxx): [NOTE: my email has been out all day due to some mysterious FS issue so my apologies for not replying sooner] ... > The checks before and after this patch are not equivalent. Post-patch, > one must always have CAP_NET_ADMIN to do the attach, whereas pre-patch > you only needed those if current_cred() did not own the tun device. Is > that intentional? Nope, just a goof on my part; I misread the booleans and haven't fully tested the patch yet so it slipped out, thanks for catching it. This brings up a good point, would we rather move the TUN owner/group checks into the cap_tun_* functions or move the capable() call back into the TUN driver? The answer wasn't clear to me when I was looking at the code before and the uniqueness of the TUN driver doesn't help much in this regard. > Also as Eric said this patch needs to set the cap_ hooks. This patch > isn't yet introducing the selinux hooks, so iiuc actually this patch should > always oops if CONFIG_SECURITY=y. Yep, another symptom of not enough testing as I mentioned out in the original posting, thanks to both of you for pointing this out ... now somebody just needs to fix Rawhide so I can actually get a KVM instance running :) -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
