On Aug 12, 2014 11:07 AM, "Stephen Smalley" <sds@xxxxxxxxxxxxx> wrote: > > On 08/12/2014 02:01 PM, Andy Lutomirski wrote: > > On Mon, Aug 4, 2014 at 10:36 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > >> If the callee SID is bounded by the caller SID, then allowing > >> the transition to occur poses no risk of privilege escalation and we can > >> therefore safely allow the transition to occur. Add this exemption > >> for both the case where a transition was explicitly requested by the > >> application and the case where an automatic transition is defined in > >> policy. > > > > This still wants something like security_bounded_transition_noaudit, > > right? (Or just a parameter about whether to audit -- there will only > > be two callers, I think.) > > I think generating an audit record is correct in this case; the > operation would have succeeded if the type were bounded, so it is > correct and helpful to report this to the audit log for diagnosing > failures. I think Paul's prior objection was that you could end up with > an audit record even when the operation succeeded when we allowed the > transitions on either a bounded transition or dyntransition permission, > but that is no longer the case. Fair enough. Does this have any chance of making 3.17? --Andy _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
