On Wed, 2011-03-02 at 13:32 +0800, Harry Ciao wrote: > The security context for the newly created socket shares the same > user, role and MLS attribute as its creator but may have a different > type, which could be specified by a type_transition rule in the relevant > policy package. > > Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx> The patches look good to me but I think they conflict with already applied patches in Eric's tree: git clone git://git.infradead.org/users/eparis/selinux.git CC security/selinux/hooks.o security/selinux/hooks.c: In function âsocket_sockcreate_sidâ: security/selinux/hooks.c:3602:2: warning: passing argument 4 of âsecurity_transition_sidâ from incompatible pointer type security/selinux/include/security.h:111:5: note: expected âconst struct qstr *â but argument is of type âu32 *â security/selinux/hooks.c:3602:2: error: too few arguments to function âsecurity_transition_sidâ security/selinux/include/security.h:111:5: note: declared here security/selinux/hooks.c:3603:1: warning: control reaches end of non-void function make[2]: *** [security/selinux/hooks.o] Error 1 I think Eric changed the security_transition_sid interface to support type_transitions based on last component name, so you'd need to adjust your patches accordingly. Patches for SELinux now go in via Eric's tree and then on to James' tree. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
