From: Paul Moore <paul.moore@hp.com>
To: James Morris <jmorris@namei.org>
Cc: selinux@tycho.nsa.gov, michal.k.k.piotrowski@gmail.com
Subject: Re: [PATCH 2/2] NetLabel: enable dynamic activation/deactivation of NetLabel/SELinux enforcement
Date: Sat, 14 Jul 2007 10:21:32 -0400 [thread overview]
Message-ID: <200707141021.32253.paul.moore@hp.com> (raw)
In-Reply-To: <Line.LNX.4.64.0707141008330.25781@d.namei>
On Saturday 14 July 2007 10:09:48 am James Morris wrote:
> On Fri, 13 Jul 2007, Paul Moore wrote:
> > Create a new NetLabel KAPI interface, netlbl_enabled(), which reports on
> > the current runtime status of NetLabel based on the existing
> > configuration. LSMs that make use of NetLabel, i.e. SELinux, can use
> > this new function to determine if they should perform NetLabel access
> > checks. This patch changes the NetLabel/SELinux glue code such that
> > SELinux only enforces NetLabel related access checks when
> > netlbl_enabled() returns true.
>
> This should be the first patch, so a git-bisect doesn't break userspace.
> (I can re-order them for merge, as long as they apply ok in that order).
That is fine with me. I suspect you might run into problems merging the
patches for security/selinux/netlabel.c in reverse order, if that is the case
let me know and I can respin the patchset for you.
--
paul moore
linux security @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-07-14 14:21 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-14 3:04 [PATCH 0/2] Fix for the unlabeled NetLabel access check patch Paul Moore
2007-07-14 3:04 ` [PATCH 1/2] SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel Paul Moore
2007-07-14 3:04 ` [PATCH 2/2] NetLabel: enable dynamic activation/deactivation of NetLabel/SELinux enforcement Paul Moore
2007-07-14 14:09 ` James Morris
2007-07-14 14:21 ` Paul Moore [this message]
2007-07-14 15:26 ` James Morris
2007-07-14 15:47 ` Paul Moore
2007-07-14 15:50 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200707141021.32253.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=jmorris@namei.org \
--cc=michal.k.k.piotrowski@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.