Re: [PATCH] socket.7,unix.7: add initial description for SO_PEERSEC

On Fri, Sep 11, 2020 at 5:23 AM Simon McVittie <smcv@xxxxxxxxxxxxx> wrote:
>
> On Thu, 10 Sep 2020 at 17:00:59 -0400, Stephen Smalley wrote:
> > +For SELinux, the security context string is a null-terminated
> > +string and the returned length includes the terminating null.
> > +Other security modules may differ.
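Review bot: "Other security modules may differ" in the last added line gives a caller no rule for labels from an LSM other than SELinux. State whether the returned length may or may not count a terminating null byte, and that callers should accept both forms. The wording point in the first two added lines is minor: man-pages text normally writes "terminating null byte" rather than "terminating null".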
>
> We discussed this interface a while ago when I was setting up dbus to
> use SO_PEERSEC. It would be really useful if the man page documented
> what callers can and can't expect from an unknown LSM, so that the
> author of the next D-Bus-equivalent doesn't have to turn up on the
> linux-security-module list and annoy maintainers like I did.
>
> Perhaps something like this?
>
>     The security context string may include a terminating null character
>     in the returned length, but is not guaranteed to do so:
>     a security context "foo" might be represented as either {'f','o','o'}
>     of length 3 or {'f','o','o','\0'} of length 4, which are considered
>     to be interchangeable. It is printable, does not contain non-terminating
>     null characters, and is in an unspecified encoding (in particular it is
>     not guaranteed to be ASCII or UTF-8).

Works for me.  Do the security subsystem maintainers concur?


