|
Many thanks Eric and Stephen! I am downloading Eric's selinux git tree now. Any further comments or questions just let me know. Best regards, Harry > Subject: Re: [v2 PATCH 3/3] SELinux: Compute SID for the newly created socket > From: eparis@xxxxxxxxxx > To: sds@xxxxxxxxxxxxx > CC: qingtao.cao@xxxxxxxxxxxxx; jmorris@xxxxxxxxx; eparis@xxxxxxxxxxxxxx; selinux@xxxxxxxxxxxxx > Date: Wed, 2 Mar 2011 14:52:12 -0500 > > On Wed, 2011-03-02 at 08:58 -0500, Stephen Smalley wrote: > > On Wed, 2011-03-02 at 13:32 +0800, Harry Ciao wrote: > > > The security context for the newly created socket shares the same > > > user, role and MLS attribute as its creator but may have a different > > > type, which could be specified by a type_transition rule in the relevant > > > policy package. > > > > > > Signed-off-by: Harry Ciao <qingtao.cao@windrive! r.com> > > > > The patches look good to me but I think they conflict with already > > applied patches in Eric's tree: > > git clone git://git.infradead.org/users/eparis/selinux.git > > > > CC security/selinux/hooks.o > > security/selinux/hooks.c: In function ‘socket_sockcreate_sid’: > > security/selinux/hooks.c:3602:2: warning: passing argument 4 of > > ‘security_transition_sid’ from incompatible pointer type > > security/selinux/include/security.h:111:5: note: expected ‘const struct > > qstr *’ but argument is of type ‘u32 *’ > > security/selinux/hooks.c:3602:2: error: too few arguments to function > > ‘security_transition_sid’ > > security/selinux/include/security.h:111:5: note: declared here > > security/selinux/hooks.c:3603:1: warning: control reaches end of > > non-void function > > make[2]: *** [s! ecurity/selinux/hooks.o] Error 1 > > > > I think Er ic changed the security_transition_sid interface to support > > type_transitions based on last component name, so you'd need to adjust > > your patches accordingly. > > > > Patches for SELinux now go in via Eric's tree and then on to James' > > tree. > > I actually fixed up your patch and pushed them to a new branch for > review. If people are happy I will merge them and send them along > towards Linus. > > http://git.infradead.org/users/eparis/selinux.git/shortlog/refs/heads/socket-labeling > > -Eric > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. |
