On 10/31/2016 08:58 AM, David Graziano wrote:
> On Wed, Oct 26, 2016 at 1:00 PM, David Graziano
> <david.graziano@xxxxxxxxxxxxxxxxxxx> wrote:
>> On Tue, Oct 25, 2016 at 11:35 AM, Roberts, William C
>> <william.c.roberts@xxxxxxxxx> wrote:
>>>
>>>> -----Original Message-----
>>>> From: Selinux [mailto:selinux-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen
>>>> Smalley
>>>> Sent: Tuesday, October 25, 2016 9:33 AM
>>>> To: David Graziano <david.graziano@xxxxxxxxxxxxxxxxxxx>;
>>>> selinux@xxxxxxxxxxxxx
>>>> Subject: Re: POSIX mqueues
>>>>
>>>> On 10/24/2016 03:25 PM, David Graziano wrote:
>>>>> I am attempting to write policy for a set of applications which use
>>>>> POSIX mqueues using named type_transition rules to uniquely label the
>>>>> mqueue files in the /dev/mqueue directory then controlling access
>>>>> based on the types. Standard type transition rules seem to work but I
>>>>> cannot seem to get the named type transitions to apply the proper
>>>>> label. Are named type transitions not supported by the mqueue file
>>>>> system? I’m on a 3.14 series kernel with policy version 28 if that
>>>>> helps. I’d like to avoid needing to do a restorecon after a new queue
>>>>> is created. Named type transitions seem to work on other file systems
>>>>> like tmp and jffs2.
>>>>
>>>> You would need to patch the kernel to support that; the filesystem
>>>> implementation must call security_inode_init_security() and pass the
>>>> &dentry->d_name in order to support name-based transitions.
>>>>
>>>
>>> Interesting, is anyone currently working on that? David, are you going
>>> to do that? If no one wants it, I'll do it ;-P
>>>
>>
>> Unless someone else is already working it I'll go ahead and start a patch.
>>
>> - David
>
> I have a working patch. Where would you recommend submitting the patch
> for review/upstreaming? Is it something this mailing list would look
> at or should I submit elsewhere?

This list, with Paul Moore cc'd.