From: Ted X Toth <txtoth@gmail.com>
To: Chad Hanson <chanson@TrustedCS.com>
Cc: Michael C Thompson <thompsmc@us.ibm.com>, selinux@tycho.nsa.gov
Subject: Re: directory polyinstantiation failure
Date: Tue, 24 Apr 2007 12:49:45 -0500
Message-ID: <462E4339.1040403@gmail.com>
In-Reply-To: <27C0723414C58546B4084C2F17BE052A213A23@chaos.tcs.tcs-sec.com>

Here is the bug I opened:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237249

Hopefully others will add their input because I think this needs more 
attention than just a documentation change.


Chad Hanson wrote:
> I believe "user" fallback case also creates a problem in utilizing namespace
> for the current version of GDM with RHEL 5 from my testing. 
>
> -Chad
>
>   
>> -----Original Message-----
>> From: Xavier Toth [mailto:txtoth@gmail.com] 
>> Sent: Wednesday, April 18, 2007 12:00 PM
>> To: Michael C Thompson
>> Cc: selinux@tycho.nsa.gov
>> Subject: Re: directory polyinstantiation failure
>>
>> Here is the patch to expand $HOME. However as I looked at 
>> the code I see the reason for behavior that had confused me 
>> partly because it isn't documented and partly because I don't 
>> think it is desired. I'd specified some directories to be 
>> polyinstantiated by level but then I'd see that they might 
>> also get polyinstantiated by user. The code as described in 
>> the following comment is overriding my specified method if 
>> getexeccon fails.
>> /*
>>  * This function checks if the calling program has requested context
>>  * change by calling setexeccon(). If context change is not requested
>>  * then it does not make sense to polyinstantiate based on context.
>>  * The return value from this function is used when selecting the
>>  * polyinstantiation method. If context change is not requested then
>>  * the polyinstantiation method is set to USER, even if the configuration
>>  * file lists the method as "context" or "both".
>>  */
>> static int ctxt_based_inst_needed(void)
>>
>> Why if getexeccon fails doesn't it make sense to 
>> polyinstantiate based on context/level? Why not call getcon 
>> if getexeccon fails and use that context instead of switching 
>> the method?
>>
>>     
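
The fallback questioned in the message above, modelled as an added example (not code from this thread or from the module it discusses). The enum, function names, user name and context strings are constructed; `exec_con` and `cur_con` stand in for what `getexeccon()` and `getcon()` would return, and the example shows which value ends up distinguishing instances under each behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Methods named in the quoted comment and message; enum names are hypothetical. */
enum method { M_USER, M_CONTEXT, M_LEVEL };

/* Return the MLS level: everything after the third ':' of user:role:type:level. */
static const char *level_of(const char *con)
{
    int colons = 0;
    for (; con && *con; con++)
        if (*con == ':' && ++colons == 3)
            return con + 1;
    return NULL;
}

/*
 * Compute the string that distinguishes one instance from another.
 * exec_con models the getexeccon() result (NULL: setexeccon() was not called),
 * cur_con models the getcon() result. use_getcon = 0 is the behaviour the
 * quoted comment describes; use_getcon = 1 is the alternative asked about.
 * Returns the method actually applied.
 */
enum method instance_key(enum method configured, const char *user,
                         const char *exec_con, const char *cur_con,
                         int use_getcon, char *key, size_t len)
{
    const char *con = exec_con ? exec_con : (use_getcon ? cur_con : NULL);
    const char *part = NULL;

    if (configured == M_CONTEXT)
        part = con;
    else if (configured == M_LEVEL)
        part = level_of(con);
    if (part == NULL) {            /* USER configured, or no usable context */
        snprintf(key, len, "%s", user);
        return M_USER;
    }
    snprintf(key, len, "%s", part);
    return configured;
}

int main(void)
{
    char key[128];
    const char *cur = "system_u:system_r:xdm_t:s0-s15:c0.c1023"; /* constructed */
    enum method m = instance_key(M_LEVEL, "alice", NULL, cur, 0, key, sizeof key);
    printf("as described: method=%d key=%s\n", m, key);
    m = instance_key(M_LEVEL, "alice", NULL, cur, 1, key, sizeof key);
    printf("with getcon:  method=%d key=%s\n", m, key);
    return 0;
}
```

With the behaviour described in the comment, a directory configured for level-based instances is keyed only by user name whenever no exec context was set, so the configured separation by level is silently not applied.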


