From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Kees Cook <kees.cook@canonical.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>, Eric Paris <eparis@redhat.com>,
David Howells <dhowells@redhat.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Ingo Molnar <mingo@elte.hu>,
Andrew Morton <akpm@linux-foundation.org>,
Simon Kagstrom <simon.kagstrom@netinsight.net>,
David Woodhouse <David.Woodhouse@intel.com>,
Robin Getz <rgetz@analog.com>,
Greg Kroah-Hartman <gregkh@suse.de>,
Paul Moore <paul.moore@hp.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Stephen Smalley <sds@tycho.nsa.gov>,
Etienne Basset <etienne.basset@numericable.fr>,
"David P. Quigley" <dpquigl@tycho.nsa.gov>,
LKLM <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] syslog: distinguish between /proc/kmsg and syscalls
Date: Tue, 2 Feb 2010 15:25:10 -0600
Message-ID: <20100202212510.GG32305@us.ibm.com>
In-Reply-To: <20100202202054.GW19355@outflux.net>

Quoting Kees Cook (kees.cook@canonical.com):
> Hi,
>
> On Mon, Feb 01, 2010 at 10:15:06PM -0800, Casey Schaufler wrote:
> > Might I suggest that you use a term other than "context" in this patch?
> > I recognize that it is the proper word, but the term has significant and
> > specific meaning in SELinux, and some of that has spilled over into the
> > LSM in general. I expect that there might be confusion if it is used to
> > denote something other than an SELinux "context". Perhaps "method", "type",
> > or "scheme".
>
> Yeah, I cringed at "context" too, but since "type" is pretty overloaded
> and it was already an argument there, I figured maybe it wouldn't be
> too bad.
>
> > > -extern int cap_syslog(int type);
> > > +extern int cap_syslog(int type, int context);
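
Review bot: The added second parameter of cap_syslog() is a bare 'int'
placed next to the existing 'int type', so a caller that swaps the two
arguments still compiles cleanly, and nothing on the '+' line says which
values 'context' may take. Suggest a name that states what is being
distinguished (where the request came from), named constants for the
permitted values, and a short comment on the prototype documenting them.
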
>
> Perhaps "source" or "origin"? "mode" is too overloaded with file modes.
> Maybe a future patch can change "type" to "action" too.

'int from_file' or 'int from_sysc'?

Really the special case is that if (from_file) then we take the file
as a validated token allowing us to bypass new privilege checks, right?
So 'from_file' seems appropriate to me.

-serge