On Tue, Dec 7, 2010 at 11:56 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> Let's assume for the moment that no one has a significant objection
> to adding the component name to inode_init_security. I am not
> suggesting that what gets passed to inode_init_security is
> insufficiently general. I am asking if there are other hooks that
> also ought to have the component name as one of their parameters.
> Yes, I understand the concept of "if it ain't broke ...", and that
> may suffice at this point, and if not the fact that no one would be
> using the component name in those other hooks definitely would. I
> expect that when someone comes along with a new LSM that does access
> controls based on the final component* they aren't going to suffer
> unnecessary resistance from the SELinux community as they add the
> component name as a parameter to other hooks.
>
> ----
> * For example, only files suffixed with ".exe" can be executed and
> only files suffixed with ".so" can be mmapped.

I think you can already achieve that via the pathname hooks, but if
not and you want it, go for it.