On Monday 05 April 2010 03:28:12 pm Joe Nall wrote:
> On Apr 5, 2010, at 2:01 PM, Paul Moore wrote:
> > Correct a problem where we weren't setting the peer label correctly on
> > connected UNIX domain sockets and do some other general fixup while we
> > are messing with the code.
> >
> > Signed-off-by: Paul Moore <paul.moore@xxxxxx>
>
> Paul,
> Do you have a before/after test case?

Not really a before/after no, as I don't have anything that really performs a
getpeercon() on the client end as typically only the server side cares about
the peer's label (or at least that has been my experience).

What I did test was to make sure I didn't see any regressions in the UNIX
stream socket connections. To accomplish that I tweaked a little SELinux aware
server I use for testing INET sockets to make it work with UNIX sockets and
connected to it with socat at a variety of different levels, making sure
getpeercon() always displayed the correct level over a UNIX socket connection.

You can find a copy of my little test server at the URL below; I will caution
you it isn't particularly well written but it works well for situations like
these.

 * http://free.linux.hp.com/~pmoore/files/getpeercon_server.c

--
paul moore
linux @ hp