Re: [RFC PATCH v1 2/6] selinux: Set the peer label correctly on connected UNIX domain sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2010-05-04 at 10:05 -0400, Stephen Smalley wrote:
> On Mon, 2010-05-03 at 18:11 -0400, Paul Moore wrote:
> > Correct a problem where we weren't setting the peer label correctly on
> > the client end of a pair of connected UNIX sockets.
> > 
> > Signed-off-by: XXX
> > ---
> >  security/selinux/hooks.c |   28 ++++++++++++----------------
> >  1 files changed, 12 insertions(+), 16 deletions(-)
> > 
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index f9545c8..09973e2 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -4039,34 +4039,30 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
> >  					      struct socket *other,
> >  					      struct sock *newsk)
> >  {
> > -	struct sk_security_struct *ssec;
> > -	struct inode_security_struct *isec;
> > -	struct inode_security_struct *other_isec;
> > +	struct sk_security_struct *sksec_s = sock->sk->sk_security;
> > +	struct sk_security_struct *sksec_o = other->sk->sk_security;
> > +	struct sk_security_struct *sksec_n = newsk->sk_security;
> 
> Don't you find the code using these names (sksec_[son]) to be rather
> difficult to read compared to the old code?

He is probably doing this because I just converted everything that was
an sk_security_struck to sksec for easy grepping in a recent patch.  I'd
be in favor of more than _s _o and _n suffix's though....

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux