Re: POSIX mqueues

On Wed, Oct 26, 2016 at 1:00 PM, David Graziano
<david.graziano@xxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, Oct 25, 2016 at 11:35 AM, Roberts, William C
> <william.c.roberts@xxxxxxxxx> wrote:
>>
>>
>>> -----Original Message-----
>>> From: Selinux [mailto:selinux-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen
>>> Smalley
>>> Sent: Tuesday, October 25, 2016 9:33 AM
>>> To: David Graziano <david.graziano@xxxxxxxxxxxxxxxxxxx>;
>>> selinux@xxxxxxxxxxxxx
>>> Subject: Re: POSIX mqueues
>>>
>>> On 10/24/2016 03:25 PM, David Graziano wrote:
>>> > I am attempting to write policy for a set of applications which use
>>> > POSIX mqueues using named type_transition rules to uniquely label the
>>> > mqueue files in the /dev/mqueue directory then controlling access
>>> > based on the types. Standard type transition rules seem to work but I
>>> > cannot seem to get the named type transitions to apply the proper
>>> > label. Are named type transitions not supported by the mqueue file
>>> > system? I’m on a 3.14 series kernel with policy version 28 if that
>>> > helps. I’d like to avoid needing to do a restorecon after a new queue
>>> > is created. Named type transitions seem to work on other file systems
>>> > like tmp and jffs2.
>>>
>>> You would need to patch the kernel to support that; the filesystem
>>> implementation must call security_inode_init_security() and pass the
>>> &dentry->d_name in order to support name-based transitions.
>>>
>>
>> Interesting. Is anyone currently working on that? David, are you going to do that? If no one
>> wants it, I'll do it ;-P
>>
>
> Unless someone else is already working it I'll go ahead and start a patch.
>
> - David


I have a working patch. Where would you recommend submitting the patch
for review/upstreaming? Is it something this mailing list would look
at or should I submit elsewhere?
