Serge E. Hallyn wrote: > Quoting Serge E. Hallyn (serue@xxxxxxxxxx): > >> Quoting Casey Schaufler (casey@xxxxxxxxxxxxxxxx): >> >>> Serge E. Hallyn wrote: >>> >>>> Quoting Casey Schaufler (casey@xxxxxxxxxxxxxxxx): >>>> So do you think that adding a policy version check in the kernel >>>> at restart would help this? >>>> >> For the moment I intend to add a patch on top of these adding two >> security calls: >> >> security_may_checkpoint(ctx) which will authorize the >> ability to checkpoint at all, and >> > > I meant: > > security_may_restore(ctx). > As much as I hate adding more hooks, you could argue for both. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
